Hi, We've been stumped by a configuration problem of our Apache 2.4 server, on CentOS 7.
Our goal is to prevent the Poodle vulnerability by removing the SSLv3 protocol. But it seems this directive is not taking any effect: SSLProtocol All -SSLv3 It's located within a VirtualHost context (in /etc/httpd/conf.d/example.com.conf): <VirtualHost 123.456.789.01:443> SSLProtocol All -SSLv2 -SSLv3 SSLCipherSuite ECDHE-RSA-AES128-SHA256:AES128-GCM-SHA256:RC4:HIGH:!MD5:$ SSLHonorCipherOrder on And the default (in /etc/httpd/conf.d/ssl.conf) <VirtualHost _default_:443> SSLProtocol All -SSLv3 SSLCipherSuite ECDHE-RSA-AES128-SHA256:AES128-GCM-SHA256:RC4:HIGH:!MD5:!aNULL:!$ SSLHonorCipherOrder on We have of course restarted Apache, but tests show that SSLv3 is still enabled. I'm certain this is a simple problem, but the logs are silent about this (at LogLevel debug), and we are not able to solve it. Thanks, François
