DEVHIDE
Login Or Sign up

POODLE SSLv3 Vulnerability still testing failed

455 Views Asked by At

I am running my websites on a Linux Plesk 12.0 server. I have read several articles about fixing the POODLE vulnerability by disabling SSLv3, and I have followed all instructions on the following article to disable it on my server.

http://kb.sp.parallels.com/en/123160

The problem is when I do this, I run the test specified in the article and it says that I have SSLv3 disabled. But when I run a test on one of the online tests it fails - I have been testing it on the https://www.ssllabs.com/ssltest/ website.

Does anyone have any ideas why none of the changes I have made are making a difference and why I am still vulnerable?

Note: I also had a security firm look into this and they said that a bunch of my ciphers are still vulnerable which could be the reason. If so does anybody know how to close them? See below:

[34mSupported Server Cipher(s):[0m
Failed    SSLv3  256 bits  ECDHE-RSA-AES256-GCM-SHA384
Failed    SSLv3  256 bits  ECDHE-ECDSA-AES256-GCM-SHA384
Failed    SSLv3  256 bits  ECDHE-RSA-AES256-SHA384
Failed    SSLv3  256 bits  ECDHE-ECDSA-AES256-SHA384
Accepted  SSLv3  256 bits  ECDHE-RSA-AES256-SHA
Rejected  SSLv3  256 bits  ECDHE-ECDSA-AES256-SHA
Failed    SSLv3  256 bits  SRP-DSS-AES-256-CBC-SHA
Failed    SSLv3  256 bits  SRP-RSA-AES-256-CBC-SHA
Failed    SSLv3  256 bits  SRP-AES-256-CBC-SHA
Failed    SSLv3  256 bits  DHE-DSS-AES256-GCM-SHA384
Failed    SSLv3  256 bits  DHE-RSA-AES256-GCM-SHA384
Failed    SSLv3  256 bits  DHE-RSA-AES256-SHA256
Failed    SSLv3  256 bits  DHE-DSS-AES256-SHA256
Accepted  SSLv3  256 bits  DHE-RSA-AES256-SHA
Rejected  SSLv3  256 bits  DHE-DSS-AES256-SHA
Accepted  SSLv3  256 bits  DHE-RSA-CAMELLIA256-SHA
Rejected  SSLv3  256 bits  DHE-DSS-CAMELLIA256-SHA
Rejected  SSLv3  256 bits  AECDH-AES256-SHA
Failed    SSLv3  256 bits  ADH-AES256-GCM-SHA384
Failed    SSLv3  256 bits  ADH-AES256-SHA256
Rejected  SSLv3  256 bits  ADH-AES256-SHA
Rejected  SSLv3  256 bits  ADH-CAMELLIA256-SHA
Failed    SSLv3  256 bits  ECDH-RSA-AES256-GCM-SHA384
Failed    SSLv3  256 bits  ECDH-ECDSA-AES256-GCM-SHA384
Failed    SSLv3  256 bits  ECDH-RSA-AES256-SHA384
Failed    SSLv3  256 bits  ECDH-ECDSA-AES256-SHA384
Rejected  SSLv3  256 bits  ECDH-RSA-AES256-SHA
Rejected  SSLv3  256 bits  ECDH-ECDSA-AES256-SHA
Failed    SSLv3  256 bits  AES256-GCM-SHA384
Failed    SSLv3  256 bits  AES256-SHA256
Accepted  SSLv3  256 bits  AES256-SHA
Accepted  SSLv3  256 bits  CAMELLIA256-SHA
Failed    SSLv3  256 bits  PSK-AES256-CBC-SHA
Accepted  SSLv3  168 bits  ECDHE-RSA-DES-CBC3-SHA
Rejected  SSLv3  168 bits  ECDHE-ECDSA-DES-CBC3-SHA
Failed    SSLv3  168 bits  SRP-DSS-3DES-EDE-CBC-SHA
Failed    SSLv3  168 bits  SRP-RSA-3DES-EDE-CBC-SHA
Failed    SSLv3  168 bits  SRP-3DES-EDE-CBC-SHA
Accepted  SSLv3  168 bits  EDH-RSA-DES-CBC3-SHA
Rejected  SSLv3  168 bits  EDH-DSS-DES-CBC3-SHA
Rejected  SSLv3  168 bits  AECDH-DES-CBC3-SHA
Rejected  SSLv3  168 bits  ADH-DES-CBC3-SHA
Rejected  SSLv3  168 bits  ECDH-RSA-DES-CBC3-SHA
Rejected  SSLv3  168 bits  ECDH-ECDSA-DES-CBC3-SHA
Accepted  SSLv3  168 bits  DES-CBC3-SHA
Failed    SSLv3  168 bits  PSK-3DES-EDE-CBC-SHA
Failed    SSLv3  128 bits  ECDHE-RSA-AES128-GCM-SHA256
Failed    SSLv3  128 bits  ECDHE-ECDSA-AES128-GCM-SHA256
Failed    SSLv3  128 bits  ECDHE-RSA-AES128-SHA256
Failed    SSLv3  128 bits  ECDHE-ECDSA-AES128-SHA256
Accepted  SSLv3  128 bits  ECDHE-RSA-AES128-SHA
Rejected  SSLv3  128 bits  ECDHE-ECDSA-AES128-SHA
Failed    SSLv3  128 bits  SRP-DSS-AES-128-CBC-SHA
Failed    SSLv3  128 bits  SRP-RSA-AES-128-CBC-SHA
Failed    SSLv3  128 bits  SRP-AES-128-CBC-SHA
Failed    SSLv3  128 bits  DHE-DSS-AES128-GCM-SHA256
Failed    SSLv3  128 bits  DHE-RSA-AES128-GCM-SHA256
Failed    SSLv3  128 bits  DHE-RSA-AES128-SHA256
Failed    SSLv3  128 bits  DHE-DSS-AES128-SHA256
Accepted  SSLv3  128 bits  DHE-RSA-AES128-SHA
Rejected  SSLv3  128 bits  DHE-DSS-AES128-SHA
Rejected  SSLv3  128 bits  DHE-RSA-SEED-SHA
Rejected  SSLv3  128 bits  DHE-DSS-SEED-SHA
Accepted  SSLv3  128 bits  DHE-RSA-CAMELLIA128-SHA
Rejected  SSLv3  128 bits  DHE-DSS-CAMELLIA128-SHA
Rejected  SSLv3  128 bits  AECDH-AES128-SHA
Failed    SSLv3  128 bits  ADH-AES128-GCM-SHA256
Failed    SSLv3  128 bits  ADH-AES128-SHA256
Rejected  SSLv3  128 bits  ADH-AES128-SHA
Rejected  SSLv3  128 bits  ADH-SEED-SHA
Rejected  SSLv3  128 bits  ADH-CAMELLIA128-SHA
Failed    SSLv3  128 bits  ECDH-RSA-AES128-GCM-SHA256
Failed    SSLv3  128 bits  ECDH-ECDSA-AES128-GCM-SHA256
Failed    SSLv3  128 bits  ECDH-RSA-AES128-SHA256
Failed    SSLv3  128 bits  ECDH-ECDSA-AES128-SHA256
Rejected  SSLv3  128 bits  ECDH-RSA-AES128-SHA
Rejected  SSLv3  128 bits  ECDH-ECDSA-AES128-SHA
Failed    SSLv3  128 bits  AES128-GCM-SHA256
Failed    SSLv3  128 bits  AES128-SHA256
Accepted  SSLv3  128 bits  AES128-SHA
Rejected  SSLv3  128 bits  SEED-SHA
Accepted  SSLv3  128 bits  CAMELLIA128-SHA
Failed    SSLv3  128 bits  PSK-AES128-CBC-SHA
Rejected  SSLv3  128 bits  ECDHE-RSA-RC4-SHA
Rejected  SSLv3  128 bits  ECDHE-ECDSA-RC4-SHA
Rejected  SSLv3  128 bits  AECDH-RC4-SHA
Rejected  SSLv3  128 bits  ADH-RC4-MD5
Rejected  SSLv3  128 bits  ECDH-RSA-RC4-SHA
Rejected  SSLv3  128 bits  ECDH-ECDSA-RC4-SHA
Rejected  SSLv3  128 bits  RC4-SHA
Rejected  SSLv3  128 bits  RC4-MD5
Failed    SSLv3  128 bits  PSK-RC4-SHA
Rejected  SSLv3  56 bits   EDH-RSA-DES-CBC-SHA
Rejected  SSLv3  56 bits   EDH-DSS-DES-CBC-SHA
Rejected  SSLv3  56 bits   ADH-DES-CBC-SHA
Rejected  SSLv3  56 bits   DES-CBC-SHA
Rejected  SSLv3  40 bits   EXP-EDH-RSA-DES-CBC-SHA
Rejected  SSLv3  40 bits   EXP-EDH-DSS-DES-CBC-SHA
Rejected  SSLv3  40 bits   EXP-ADH-DES-CBC-SHA
Rejected  SSLv3  40 bits   EXP-DES-CBC-SHA
Rejected  SSLv3  40 bits   EXP-RC2-CBC-MD5
Rejected  SSLv3  40 bits   EXP-ADH-RC4-MD5
Rejected  SSLv3  40 bits   EXP-RC4-MD5
Rejected  SSLv3  0 bits    ECDHE-RSA-NULL-SHA
Rejected  SSLv3  0 bits    ECDHE-ECDSA-NULL-SHA
Rejected  SSLv3  0 bits    AECDH-NULL-SHA
Rejected  SSLv3  0 bits    ECDH-RSA-NULL-SHA
Rejected  SSLv3  0 bits    ECDH-ECDSA-NULL-SHA
Failed    SSLv3  0 bits    NULL-SHA256
Rejected  SSLv3  0 bits    NULL-SHA
Rejected  SSLv3  0 bits    NULL-MD5

Thanks a lot!

openssl plesk poodle-attack
Original Q&A
1

There are 1 best solutions below

1
On BEST ANSWER

Please use following method:

  1. Set disablesslv3 parameter:

mysql -uadmin -pcat /etc/psa/.psa.shadow -Dpsa -e "insert into misc values('disablesslv3', 'true')"

  1. Regenerate configs:

/usr/local/psa/admin/bin/httpdmng --reconfigure-all

  1. Check results:

cat /var/www/vhosts/system/*/conf/last_nginx.conf | grep ssl_protocols

Related Questions in OPENSSL

Related Questions in PLESK

Related Questions in POODLE-ATTACK

Trending Questions

Popular # Hahtags

javascript python java c# php android html jquery c++ css ios sql mysql r reactjs node.js arrays c asp.net json python-3.x ruby-on-rails .net sql-server swift django angular objective-c pandas excel

Popular Questions

Copyright © 2021 Jogjafile Inc.