HostOnNet Blog

Disable SSL v3.0 on cPanel Server

SSL v3.0 is vulnerable to the POODLE attack and should be disabled.

To disable SSL v3.0 on cPanel servers, go to

WHM > Service Configuration > Apache Configuration

Click on Include Editor.

Under Pre Main Include, select All Versions from the drop-down and paste the following.

SSLHonorCipherOrder On
SSLProtocol -All +TLSv1 +TLSv1.1 +TLSv1.2

Click Update.

On the next page, you will be asked to restart the Apache server.

Disable SSL v3.0 on Ubuntu/CentOS Servers

To disable SSL v3.0 on servers with no control panel, edit your Apache configuration file and add the following lines:

SSLHonorCipherOrder On
SSLProtocol -All +TLSv1 +TLSv1.1 +TLSv1.2

Restart the Apache web server. For example, I have the following Apache configuration:

<VirtualHost *:443>
    DocumentRoot /home/
    ErrorLog ${APACHE_LOG_DIR}/
    CustomLog ${APACHE_LOG_DIR}/ combined
    SSLEngine on
    SSLCertificateFile  /etc/ssl/certs/
    SSLCertificateKeyFile /etc/ssl/private/
    SSLCACertificateFile /etc/apache2/ssl.crt/
    SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
    SSLHonorCipherOrder On
    SSLProtocol -All +TLSv1 +TLSv1.1 +TLSv1.2
    <Directory "/home/">
        Options All
        AllowOverride All
        Require all granted
        Order allow,deny
        allow from all
    </Directory>
</VirtualHost>

Verify SSL v3.0 Disabled

You can check if your SSL certificate is secure at

If you have SSL v3.0 enabled, you will see something like


Once SSL v3.0 is disabled on your server, it will show something like


Verify SSL v3.0 Disabled using Command Line

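To check if SSL v3.0 is disabled, run the following command, replacing example.com:443 with your server's host name and port. OpenSSL writes handshake errors to stderr, so 2>&1 is needed for grep to see them, and < /dev/null stops s_client from waiting for input if the connection succeeds. OpenSSL builds compiled without SSLv3 support do not accept the -ssl3 option.

openssl s_client -connect example.com:443 -ssl3 < /dev/null 2>&1 | grep SSL3 | grep failure

You should see something like the following

$ openssl s_client -connect example.com:443 -ssl3 < /dev/null 2>&1 | grep SSL3 | grep failure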
140253028181664:error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure:s3_pkt.c:1262:SSL alert number 40
140253028181664:error:1409E0E5:SSL routines:SSL3_WRITE_BYTES:ssl handshake failure:s3_pkt.c:598:
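
A static check to complement the handshake test above: this added example (not part of the original post) evaluates each SSLProtocol line of a configuration using the directive's +/- semantics and reports lines that still leave SSLv3 enabled. The function names and the sample input are constructed for illustration, and "all" is assumed to include SSLv3.

```python
import re

# Names accepted by SSLProtocol. SSLv2 is only valid on Apache 2.2. "all" is
# assumed to include SSLv3 (OpenSSL built with SSLv3 support), the
# conservative reading for an audit.
KNOWN = {"sslv2": "SSLv2", "sslv3": "SSLv3", "tlsv1": "TLSv1",
         "tlsv1.1": "TLSv1.1", "tlsv1.2": "TLSv1.2", "tlsv1.3": "TLSv1.3"}

def effective_protocols(args):
    """Evaluate SSLProtocol arguments left to right and return the enabled set."""
    enabled = set()
    for token in args.split():
        sign = token[0] if token[0] in "+-" else ""
        name = token[len(sign):].lower()
        if name == "all":
            selected = set(KNOWN.values())
        elif name in KNOWN:
            selected = {KNOWN[name]}
        else:
            raise ValueError(f"unknown protocol {token!r}")
        if sign == "-":
            enabled -= selected
        elif sign == "+":
            enabled |= selected
        else:  # no prefix: replaces whatever was set before
            enabled = selected
    return enabled

def audit(config_text):
    """Return (line number, arguments) for SSLProtocol lines that keep SSLv3 on."""
    findings = []
    for number, line in enumerate(config_text.splitlines(), 1):
        match = re.match(r"\s*SSLProtocol\s+(.+?)\s*$", line, re.IGNORECASE)
        if match and "SSLv3" in effective_protocols(match.group(1)):
            findings.append((number, match.group(1)))
    return findings

# Constructed sample: the directive from this page plus common legacy variants.
SAMPLE = """\
SSLHonorCipherOrder On
SSLProtocol -All +TLSv1 +TLSv1.1 +TLSv1.2
# SSLProtocol all
SSLProtocol all -SSLv2
SSLProtocol All -SSLv2 -SSLv3
"""

if __name__ == "__main__":
    for number, args in audit(SAMPLE):
        print(f"line {number}: SSLv3 still enabled by 'SSLProtocol {args}'")
```

The set returned by effective_protocols can also be tested for TLSv1 and TLSv1.1, which RFC 8996 has since deprecated.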
