SSLv3 Vulnerability : http://documentation.cpanel.net/display/CKB/How+to+Adjust+Cipher+Protocols

lorio

Well-Known Member
Feb 25, 2004
313
22
168
cPanel Access Level
Root Administrator
OpenSSL> version
OpenSSL 1.0.1e-fips 11 Feb 2013
Was there a backported patch applied?
[CentOS-announce] CESA-2014:1652 Important CentOS 6 openssl Security Update

rpm -q --changelog openssl

* Wed Oct 15 2014 Tomáš Mráz <[email protected]> 1.0.1e-30.2
- fix CVE-2014-3567 - memory leak when handling session tickets
- fix CVE-2014-3513 - memory leak in srtp support
- add support for fallback SCSV to partially mitigate CVE-2014-3566
(padding attack on SSL3)
 

sneader

Well-Known Member
Aug 21, 2003
1,195
66
178
La Crosse, WI
cPanel Access Level
Root Administrator
Thanks, lorio, for the reminder on checking for the back porting. I'm seeing the same as you are, so I should be good to go!

- Scott
 

frogstarr78

Member
Apr 11, 2013
8
0
1
cPanel Access Level
DataCenter Provider
Anyone mention it's probably either a matter of updating Firefox or disabling SSLv3 Support on the client in order to get it to work after disabling SSLv3 on the WHM/cPanel ports?

I've successfully disabled SSLv2 on ports 2087, 2083, and 2082, on several servers, and have no issue with firefox accessing them.

How to disable SSLv3 in Firefox: https://zmap.io/sslv3/browsers.html
or: https://addons.mozilla.org/en-US/firefox/addon/ssl-version-control/?src=api
 

launch

Registered
Nov 12, 2014
4
0
51
cPanel Access Level
Root Administrator
Hi rohroh1974, have you managed to fix this? I have exactly the same problem

- - - Updated - - -

OK upon further investigation I think i may have found the issue. Centos 5 only appears to be using OpenSSL 0.9.8 as its usual repo-based installation. By removing SSLv3 it appears that OpenSSL has No ciphers that can be used.



if i remove the -SSLv3 option i get the following




Please correct me if i am wrong but it appears that 0.9.8 doesn't have any ciphers at all that don't contain SSLv3 in the ident....
Hi Rowan, have you managed to fix this? I have exactly the same problem.