how do i Disable the ssl3 cipher in OSX Server so as to not be vulnerable for POODLE ?
Ho To Disable ssl3 in OSX Server (for mail and Web hosting)
apacheosx-serverserver.app
Related Question
- Location of OSX Lion Mail Server sent mail
- OSX server 10.6 and umask
- MacOS – Embedding Web Snippets in Wiki Server and Security Settings
- MacOS – OSX Mavericks and OSX Lion Login Server
- MacOS – How to set a web server in a specific directory in OSX Mavericks
- MacOS – OSX Mail Server Forward to External Address
- MacOS – OSX server 5.2 VPN type missing
- How to disconnect the profile from a dead OSX Server
Best Answer
Depends on the Server...
Apache: SSLProtocol All -SSLv2 -SSLv3
NGINX: ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
Postfix: smtpd_tls_mandatory_protocols=!SSLv2,!SSLv3
Sendmail (sendmail.mc): LOCAL_CONFIG O CipherList=HIGH O ServerSSLOptions=+SSL_OP_NO_SSLv2 +SSL_OP_NO_SSLv3 +SSL_OP_CIPHER_SERVER_PREFERENCE O ClientSSLOptions=+SSL_OP_NO_SSLv2 +SSL_OP_NO_SSLv3
Dovecot (In /etc/dovecot/local.conf or /etc/dovecot/conf.d): ssl_protocols = !SSLv2 !SSLv3
If you use virtual Servers with SSL, please note that you have to do this on all instances!