Advisory: Disable SSLv3

After learning about the POODLE attack this week, I highly advise everyone to disable SSLv3 support.

If you're using nginx, look for your SSL protocol declarations. They should look something similar to:

ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;  

Update the line to:

ssl_protocols  TLSv1 TLSv1.1 TLSv1.2;  # don’t use SSLv3 ref: POODLE  

Reload nginx:

$ service nginx reload

Afterwards, you can use SSL Labs' SSL Server Test to perform a deep analysis of your configuration.

Alex Ho

Alex is the Lead Developer at NYCEDC working as a front-end/back-end developer and sysadmin. He has a Graphic Design certification from NYU and is a UX practitioner.