How to disable sslv3 in apache-Apache-php.cn

Home

Operation and Maintenance

Apache

How to disable sslv3 in apache

王林

Dec 25, 2020 am 11:04 AM

apache

How to disable sslv3 in apache

Introduction:

ssl 3.0 is considered unsafe because it uses RC4 encryption or CBC mode encryption, and the former is susceptible to bias attacks, while the latter Leads to POODLE attack.

In production environments, this vulnerability is often scanned. The solution is to disable the protocol on the apache server.

(Learning video sharing: Programming video)

1. Environment preparation

Understand SSL and TLS: http is used in the data transmission process. Plain text, in order to solve this problem https came into being, and ssl is an encryption protocol based on https. When SSL was updated to version 3.0, IETF (Internet Engineering Task Force) standardized SSL3.0. The standardized protocol is TLS1.0, so TLS is the standardized product of SSL. TLS currently has 1.0, 1.1, There are three versions of 1.2, and 1.0 is used by default. At this point we have a basic understanding of SSL and TLS.

The server operating environment required for the web server to support TLS1.2:

Apache对应版本应>=2.2.23;
OpenSSL对应版本应>= 1.0.1

View the current server apache version

[root@host-192-168-149-10 conf.d]# httpd -v
Server version: Apache/2.4.29 (Unix)
Server built:   Jan 22 2018 16:51:25

openssl version

[root@host-192-168-149-10 conf.d]# openssl version
OpenSSL 1.0.1e-fips 11 Feb 2013

2. Environment rectification

Test domain names with security vulnerabilities. Access through sslv3 as follows can return information normally. Attackers may use this vulnerability to harm the system.

[root@host-192-168-149-10 conf.d]# curl  --sslv3 https://cs.df230.xyz/test/api/configs/fedch/all
{
  "overdue" : false,
  "success" : true,
  "errorCode" : null,
  "message" : "请求成功",
  "data" : {
    "global" : {
      "copyright" : "功能清单",
}

apache supports SSLv3, TLSv1, TLSv1.1, TLSv1.2 protocols by default

(Note: the ssl function needs to enable LoadModule ssl_module modules/mod_ssl.so in http.conf)

The default configuration of apache is as follows

SSLProtocol All -SSLv2

Enter the directory /usr/local/apache/conf/extra

vi modify ssl.conf as follows to close the sslv3 protocol

SSLEngine on
SSLProtocol all -SSLv2 -SSLv3
SSLProtocol TLSv1.2

After the configuration is saved, service httpd restart is required to restart apache to make the configuration take effect

Test sslv3 access again, unable to access

[root@host-192-168-149-10 conf.d]# curl  --sslv3 https://cs.df230.xyz/test/api/configs/fedch/al
curl: (35) SSL connect error

Enter development mode through Google browser F12, you can see the browsing The SSL protocol used by the server to access the current domain name is TLS1.2.

How to disable sslv3 in apache

At this point, the vulnerability rectification is completed, so easy!

Related recommendations: apache tutorial

The above is the detailed content of How to disable sslv3 in apache. For more information, please follow other related articles on the PHP Chinese website!

Statement

This article is reproduced at:csdn. If there is any infringement, please contact admin@php.cn delete

Apache's Continuing Importance: Reasons for Its LongevityApr 22, 2025 am 12:08 AM

Reasons for Apache's continued importance include its diversity, flexibility, strong community support, widespread use and high reliability in enterprise-level applications, and continuous innovation in emerging technologies. Specifically, 1) The Apache project covers multiple fields from web servers to big data processing, providing rich solutions; 2) The global community of the Apache Software Foundation (ASF) provides continuous support and development momentum for the project; 3) Apache shows high stability and scalability in enterprise-level applications such as finance and telecommunications; 4) Apache continues to innovate in emerging technologies such as cloud computing and big data, such as breakthroughs from ApacheFlink and ApacheArrow.

Beyond the Hype: Assessing Apache's Current RoleApr 21, 2025 am 12:14 AM

Apache remains important in today's technology ecosystem. 1) In the fields of web services and big data processing, ApacheHTTPServer, Kafka and Hadoop are still the first choice. 2) In the future, we need to pay attention to cloud nativeization, performance optimization and ecosystem simplification to maintain competitiveness.

Apache's Impact: Web Hosting and Content DeliveryApr 20, 2025 am 12:12 AM

ApacheHTTPServer has a huge impact on WebHosting and content distribution. 1) Apache started in 1995 and quickly became the first choice in the market, providing modular design and flexibility. 2) In web hosting, Apache is widely used for stability and security and supports multiple operating systems. 3) In terms of content distribution, combining CDN use improves website speed and reliability. 4) Apache significantly improves website performance through performance optimization configurations such as content compression and cache headers.

Apache's Role: Serving HTML, CSS, JavaScript, and MoreApr 19, 2025 am 12:09 AM

Apache can serve HTML, CSS, JavaScript and other files. 1) Configure the virtual host and document root directory, 2) receive, process and return requests, 3) use .htaccess files to implement URL rewrite, 4) debug by checking permissions, viewing logs and testing configurations, 5) enable cache, compressing files, and adjusting KeepAlive settings to optimize performance.

What Apache is Known For: Key Features and AchievementsApr 18, 2025 am 12:03 AM

ApacheHTTPServer has become a leader in the field of web servers for its modular design, high scalability, security and performance optimization. 1. Modular design supports various protocols and functions by loading different modules. 2. Highly scalable to adapt to the needs of small to large applications. 3. Security protects the website through mod_security and multiple authentication mechanisms. 4. Performance optimization improves loading speed through data compression and caching.

The Enduring Relevance of Apache: Examining Its Current StatusApr 17, 2025 am 12:06 AM

ApacheHTTPServer remains important in modern web environments because of its stability, scalability and rich ecosystem. 1) Stability and reliability make it suitable for high availability environments. 2) A wide ecosystem provides rich modules and extensions. 3) Easy to configure and manage, and can be quickly started even for beginners.

Apache's Popularity: Reasons for Its SuccessApr 16, 2025 am 12:05 AM

The reasons for Apache's success include: 1) strong open source community support, 2) flexibility and scalability, 3) stability and reliability, and 4) a wide range of application scenarios. Through community technical support and sharing, Apache provides flexible modular design and configuration options, ensuring its adaptability and stability under a variety of needs, and is widely used in different scenarios from personal blogs to large corporate websites.

Apache's Legacy: What Made It Famous?Apr 15, 2025 am 12:19 AM

Apachebecamefamousduetoitsopen-sourcenature,modulardesign,andstrongcommunitysupport.1)Itsopen-sourcemodelandpermissiveApacheLicenseencouragedwidespreadadoption.2)Themodulararchitectureallowedforextensivecustomizationandadaptability.3)Avibrantcommunit

See all articles