Apache: How to Disable the SSL v3 Protocol
Locate your SSL Protocol Configuration on your Apache server.
Type one the following commands:
grep -i -r "SSLProtocol" /etc/apache2
grep -i -r "SSLProtocol" /etc/httpd
In these examples, /etc/apache2 and /etc/httpd are the base directory for an Apache installation.
For a list of default base directories and installation layouts in Apache HTTPD for different operating systems, seeDistrosDefaultLayout.
If that command doesn’t find the “SSLProtocol” string, then look for SSLEngine by typing one of the following commands:
grep -i -r "SSLEngine" /etc/apache2
grep -i -r "SSLEngine" /etc/httpd
The command will output the available Virtual Hosts or your config file.
Open the config file or Virtual Host for which you are disabling the SSL v3 protocol.
Add or update the following lines in your configuration:
SSLProtocol all -SSLv2 -SSLv3
If you used the grep -i -r "SSLEngine"… command, you need to search for “SSLEngine On” and add SSLProtocol all -SSLv2 -SSLv3in the line beneath it.
For example, type the following command:
apachectl -k restart
You have successfully disabled the SSL v3 protocol.
Please try to give a substantial answer. If you wanted to comment on the question or answer, just use the commenting tool. Please remember that you can always revise your answers - no need to answer the same question twice. Also, please don't forget to vote - it really helps to select the best questions and answers!