Some days you just want to quickly edit a bunch of config files in one go.
One of the reasons I use Ubuntu LTS is that it’s got long term support (<light sarcasm>is that why it’s got LTS in the name?</light sarcasm>) and I make configuration templates that I just reuse in all the places. Poodle was announced and the short of it is that you need to disable the SSLv3 protocol on your web server.
No big deal. Visit your sites-available directory and change “SSLProtocol All -SSLv2” to add “-SSLv3” at the end. 17 times.
*Drinks more coffee and makes that face*
Or you know, run this command after checking you have “SSLProtocol All -SSLv2” in those mod_ssl config files.
sed -i.bak -e 's/SSLProtocol All -SSLv2$/SSLProtocol All -SSLv2 -SSLv3/g' *.conf
The -i.bak is to create unedited copies because bad things do happen to nice people.
Once I made sure that the files were edited I ran these commands to restart the web server and test.
service apache2 restart openssl s_client -connect blog.dembowski.net:443 -ssl3
I promptly saw this line.
140496364975776:error:1409E0E5:SSL routines:SSL3_WRITE_BYTES:ssl handshake failure:s3_pkt.c:596:
And all was right in the world. I deleted the .bak files and finished my coffee.
Categories: Geek
