Apache - Disable SSL 2.0 and SSL 3.0

Last updated on 28 Sep 2023, 10:23:07.
Category: All about SSL certificates | SSL configuration

Apache SSL SSL v2 SSL v3

This article shows you how to disable the SSL 2.0 and SSL 3.0 protocols on your Apache web server

Why disable SSL v2 en SSL v3?

SSL 2.0 and SSL 3.0 are obsolete versions of the SSL protocol that have long since been superseded by the more secure Transport Layer Security (TLS) protocol, dat betere beveiliging biedt. In addition, a SSL 3.0 security flaw nicknamed POODLE was discovered in 2014, allowing an attacker to completely circumvent SSL security. Your Apache web server shouldn't be serving those protocols for better security.

Step 1: Find all SSL sites on Apache

Unless you only need to modify one site, in which case you can just open the virtual hosts file you need, try to find all SSL websites with the following command, executed in the root directory of your Apache installation:

grep -r SSLEngine *

This will list all SSL VirtualHost blocks you need to modify. Note that your Apache installation directory may differ according to you distribution. The most common locations are:

  • /etc/httpd for Red Hat, CentOs, Fedora and many other distributions
  • /etc/apache2 for Debian, Ubuntu and Debian derivates

Step 2: Modify the virtual hosts

Using vi or your favourite text editor, add or modify the following line in each VirtualHost block that needs updating:

SSLProtocol all -SSLv2 -SSLv3

Step 3: Restart Apache

Restart Apache with one of the following commands:

/etc/init.d/httpd restart
service httpd restart
apachectl -k restart

Related articles

Order an SSL certificate? What is an SSL certificate?

You need to order an SSL certificate? But what is an SSL certificate? And why is everyone saying that it...

Read more

SHA1, SHA2 and SHA256 SSL algorithms

SHA is a mathematical algorithm used in SSL encryption to verify the validity of the certificate's signature. Different iterations of...

Read more

Why do I see a yellow warning triangle on an HTTPS secured website?

The yellow warning triangle you may see when visiting a webpage that's secured with SSL, is an indication that Google...

Read more

Need extra help?

Were not all your questions answered?
Don't worry, we will be happy to help you via a support request!

Select your language

All languages: