Disabling SSLv3 in Apache By Setting SSLProtocol (be aware of VirtualHost issue)

After doing some testing and debugging, it looks like there is a long-standing issue in openssl/mod_ssl that prevents changes to the SSLProtocol value made per VirtualHost from taking effect…

The value of SSLProtocol will be set permanently from the first SSL Virtual Host loaded by Apache. And further changes to the value in other SSL Virutal Hosts will not work and will fail silently (i.e., with no messages recorded in the error log).

It is unclear whether this is a openssl/mod_ssl bug or a general re-negotiation issue (related to SNI).

Correctly Disable SSLv3 Protocol

Edit the first VirtualHost loaded by Apache.

For WampDeveloper Pro this is –

C:\WampDeveloper\Config\Apache\extra\wampd-httpd.host.ssl.vh.conf

Update the SSL Protocol (SSLProtocol) to remove SSLv3 –

SSLProtocol all -SSLv2 -SSLv3

SSLCipherSuite

Make sure that you do not remove SSLv3 (with !SSLv3) from the SSL Cipher Suite (SSLCipherSuite) as it is used inside TLSv1.0…

You can verify that openssl uses/links the SSLv3 cipher inside the TLSv1 protocol with this command –

openssl ciphers -v "TLSv1" | sort
ADH-AES128-SHA      SSLv3 Kx=DH       Au=None Enc=AES(128)  Mac=SHA1
ADH-AES256-SHA           SSLv3 Kx=DH       Au=None Enc=AES(256)  Mac=SHA1
ADH-CAMELLIA128-SHA      SSLv3 Kx=DH       Au=None Enc=Camellia(128) Mac=SHA1
...
SRP-RSA-3DES-EDE-CBC-SHA SSLv3 Kx=SRP      Au=RSA  Enc=3DES(168) Mac=SHA1
SRP-RSA-AES-128-CBC-SHA  SSLv3 Kx=SRP      Au=RSA  Enc=AES(128)  Mac=SHA1
SRP-RSA-AES-256-CBC-SHA  SSLv3 Kx=SRP      Au=RSA  Enc=AES(256)  Mac=SHA1

Disabling the SSLv3 protocol fixes the POODLE vulnerability… The SSLv3 ciphers are not related to any vulnerabilities.

Test SSLv3 Vulnerability

You can test your configuration locally by running a manual openssl connection to check if the SSLv3 handshake fails…

openssl s_client -connect www.example.com:443 -servername www.example.com -ssl3

You can also check if the SSLv3 cipher is available (it should be)…

openssl s_client -connect www.example.com:443 -servername www.example.com -cipher SSLv3

Browser Compatibility Issues

While disabling the SSLv3 Protocol will prevent the POODLE attack, and mitigate on other security issues and vulnerabilities, it will also break SSL connections made by IE 6 (on Windows XP or older).

And if you follow the PCI requirements of also disabling TLSv1.0, this can break IE 10, 9, and 8 compatibility (when released they did not have TLSv1.1 nor TLSv1.2 enabled by default).

Leave a Reply

Your email address will not be published.

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>