How do I disable SSLv3 on my CP server?
OnApp version 3.x , 4.x , 5.x
In the OnApp installation the openssl utility is installed, and there are 2 Apache configuration files that have the SSLProtocol directive defined. These are /etc/httpd/conf.d/ssl.conf and /etc/httpd/conf.d/onapp.conf . To disable SSLv3, you will need to explicitly disable SSLv3 by modifying the SSLProtocol directive to include -SSLv3. It will look something like this with the default installation:
SSLProtocol -ALL +SSLv3 +TLSv1
SSLProtocol all -SSLv2
These will need to be modified to so that SSLv3 is disabled, so it would look like
SSLProtocol -ALL -SSLv3 +TLSv1
SSLProtocol all -SSLv2 -SSLv3
Once these changes are made and saved, you will want to stop the onapp service:
service onapp stop
and then restart Apache:
and then restart onapp:
service onapp start
Once these services are restarted, SSLv3 will be disabled.
More information on the vulnerability can be found at https://access.redhat.com/security/cve/CVE-2014-3566. There is currently no patch available, so disabling SSLv3 is highly recommended.