1. bluehost knowledge base

VPS & Dedicated Hosting: Disable SSLV3

Overview

This article will explain how to disable SSLv3 on a VPS or Dedicated server. This can help you avoid issues with vulnerabilities in SSLv3.

Click on any of the sections to jump to that point in the guide.



What You Need

To begin, you will just need to be able to login to your WHM. If you haven't done this before, please see How to login in to WHM.
Note: If this is your first time logging into the WHM you may see a page titled "Feature Showcase". Click on Exit to WHM at the bottom of the page.

Once logged in, you will need to open the Apache settings.

Open the Apache Settings

  1. In the search bar at the top left of the WHM, type "Apache".
    WHM - Search for Apache
  2. In the search results, click on "Apache Configuration".

Change the SSL Cipher and Protocol Settings

  1. On Apache Configuration page, click on Global Configuration.
    WHM - Global Configuration
  2. The first option should be SSL Cipher Suite, Select the 3rd option then copy this text into the box:
    ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:-LOW:-SSLv2:-EXP:!kEDH
    Cipher Suite
  3. Under SSL/TLS Protocols, make sure the default setting, All -SSLv2 -SSLv3 is selected.
    Protocol
  4. Scroll to the bottom of the page and click the Save button.
  5. Click the Rebuild Configuration and Restart Apache button.
    Configuration Rebuild
    Rebuild - Success

Note: After following these steps it may be necessary to add "Options +FollowSymLinks" to the .htaccess file for your site.

Test the Configuration

To test that SSL is disabled you run this command:
curl -IL –sslv3 https://domain.com
Note: replace domain.com with the domain for your site.

If SSLv3 has been disabled you should see a message like this:

curl: (35) error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure