Disable SSL v3.0 on Cpanel Server

SSL v3.0 is vulnerable to POODLE attack and should be disabled.

To disable SSL v3.0 on Cpanel Servers, go to

WHM > Service Configuration > Apache Configuration


Click on Include Editor.


Under Pre Min Include, select All Versions from drop down, paste following.

SSLHonorCipherOrder On
SSLProtocol -All +TLSv1 +TLSv1.1 +TLSv1.2

Click Update

On Next page, you will be asked to Restart Apache Server.

Disable SSL v3.0 on Ubuntu/CentOS Servers

To disable SSL v3.0 on servers with no control panel, you can edit your Apache configuration file. Add following lines

SSLHonorCipherOrder On
SSLProtocol -All +TLSv1 +TLSv1.1 +TLSv1.2

Restart Apache Web Server. For manage.hostonnet.com, i have following Apache Configuration

<VirtualHost *:443>
    ServerName manage.hostonnet.com
    ServerAdmin admin@hostonnet.com
    DocumentRoot /home/manage.hostonnet.com/public_html
    ErrorLog ${APACHE_LOG_DIR}/manage.hostonnet.com-ssl_error.log
    CustomLog ${APACHE_LOG_DIR}/manage.hostonnet.com-ssl_access.log combined
    SSLEngine on
    SSLCertificateFile  /etc/ssl/certs/manage.hostonnet.com.pem
    SSLCertificateKeyFile /etc/ssl/private/manage.hostonnet.com.key
    SSLCACertificateFile /etc/apache2/ssl.crt/manage.hostonnet.com-ca-bundle.crt
    SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
    SSLHonorCipherOrder On
    SSLProtocol -All +TLSv1 +TLSv1.1 +TLSv1.2
    <Directory "/home/manage.hostonnet.com/public_html">
        Options All
        AllowOverride All
        Require all granted
        Order allow,deny
        allow from all

Verify SSL v3.0 Disabled

You can check if your SSL certificate is secure at


If you have SSL v3.0 Enabled, you will see something like


Once SSL v3.0 disabled on your server, it will show like


Verify SSL v3.0 Disabled using Command Line

To check if SSL v3.0 is disabled, run command

openssl s_client -connect www.yourdomain.com:443 -ssl3 | grep SSL3 | grep failure

You should see something like following

$ openssl s_client -connect www.hostonnet.com:443 -ssl3 | grep SSL3 | grep failure
140253028181664:error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure:s3_pkt.c:1262:SSL alert number 40
140253028181664:error:1409E0E5:SSL routines:SSL3_WRITE_BYTES:ssl handshake failure:s3_pkt.c:598:

Posted in Cpanel Server