Ho To Disable ssl3 in OSX Server (for mail and Web hosting)

apacheosx-serverserver.app

how do i Disable the ssl3 cipher in OSX Server so as to not be vulnerable for POODLE ?

Best Answer

Depends on the Server...

Apache: SSLProtocol All -SSLv2 -SSLv3

NGINX: ssl_protocols TLSv1 TLSv1.1 TLSv1.2;

Postfix: smtpd_tls_mandatory_protocols=!SSLv2,!SSLv3

Sendmail (sendmail.mc): LOCAL_CONFIG O CipherList=HIGH O ServerSSLOptions=+SSL_OP_NO_SSLv2 +SSL_OP_NO_SSLv3 +SSL_OP_CIPHER_SERVER_PREFERENCE O ClientSSLOptions=+SSL_OP_NO_SSLv2 +SSL_OP_NO_SSLv3

Dovecot (In /etc/dovecot/local.conf or /etc/dovecot/conf.d): ssl_protocols = !SSLv2 !SSLv3

If you use virtual Servers with SSL, please note that you have to do this on all instances!

Related Solutions

Mac OS X Server 10.6.7: Disable Apache

If this is OS X Server (i.e. the server product, not the regular desktop OS), turn off the web service in either Server Preferences or Server Admin.

Server balks at reading the web settings

I finally have had the chance to blow away this pesky server and no amount of digging yielded a clue how to avoid a reset of www - so that's what I did. I had since updated it to 10.7.5 Build 11G63 and the errors persisted on managing the web service.

I shut down all services except for File Sharing, DNS and Open Directory and did the following steps to force down apache and force a reset. Even trying to stop the web service using sudo serveradmin stop web kept failing with the errors above about xswebconfig and undefined methods of nil classes.

sudo apachectl stop 
sudo serveradmin command web:command=restoreFactorySettings
sudo serveradmin start web

At this point refreshing the Server app corrected the errors reading the settings. Thanks to this hint on cleaning up apache to get me most of the way to my solution.

Best Answer

Related Solutions

Mac OS X Server 10.6.7: Disable Apache

Server balks at reading the web settings

Related Question