How do I disable SSLv3 on my CP server?
OnApp version 3.x , 4.x , 5.x
In the OnApp installation the openssl utility is installed and there are 2 apache configuration files that have the SSLProtocol directive defined, these are /etc/httpd/conf.d/ssl.conf and /etc/httpd/conf.d/onapp.conf . To disable SSLv3 you will need to explicitly disable SSLv3 by modifying the SSLProtocol directive to include -SSLv3. It will look something like this with the default installation
SSLProtocol -ALL +SSLv3 +TLSv1
SSLProtocol all -SSLv2
These will need to be modified to so that SSLv3 is disabled so it would look like
SSLProtocol -ALL -SSLv3 +TLSv1
SSLProtocol all -SSLv2 -SSLv3
Once these changes have been made and saved you will want to stop the onapp service
service onapp stop
and then restart apache
and then restart onapp
service onapp start
Once these have been restarted SSLv3 will be disabled.
Additional Info -- More information on the vulnerability can be found at https://access.redhat.com/security/cve/CVE-2014-3566 . There currently is no patch available so disabling SSLv3 is highly recommended.