Tech Tip: How to disable SSLv2/SSLv3 in eHealth (POODLE Security Vulnerability)

Document created by hilmarpreusse on Oct 23, 2014. Last modified by SamCreek on Dec 17, 2016.
Version 3

The httpd.conf of the eHealth Apache is auto-generated; you must not edit it manually. Hence one can't simply put the usual line "SSLProtocol All -SSLv2 -SSLv3" into it. Fortunately, you can still get custom lines into the file: there is a file called httpd.tpl in $NH_HOME/web/httpd. Normally it consists only of comments:

 

# Custom Protect Section

# End Custom Protect Section

 

Put the SSLProtocol line from above between these two lines and regenerate the httpd.conf using nhWebProtocol -mode https... . The SSLProtocol line will then appear twice in your config file, but the custom line comes after the default line and is the one that takes effect.
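To confirm after regeneration that the custom line really is the last one and that it leaves SSLv2/SSLv3 off, a check like the following can be run against the generated file. This is an added example, not part of the original tip or of eHealth; the sample config is constructed, both directives are assumed to sit in the same configuration context, and a bare "all" is conservatively treated as enabling SSLv2 and SSLv3.

```shell
#!/bin/sh
# Added example: find the SSLProtocol line that wins in a generated httpd.conf.

# Print the arguments of the last active (uncommented) SSLProtocol directive.
effective_sslprotocol() {
    awk 'tolower($1) == "sslprotocol" { $1 = ""; sub(/^ +/, ""); last = $0 }
         END { if (last != "") print last }' "$1"
}

# Return 0 if that directive leaves SSLv2 and SSLv3 off, 1 if it does not,
# 2 if the file has no active SSLProtocol line at all.
legacy_ssl_disabled() {
    args=$(effective_sslprotocol "$1")
    [ -n "$args" ] || return 2
    v2=0; v3=0
    for tok in $(printf '%s' "$args" | tr '[:upper:]' '[:lower:]'); do
        case "$tok" in
            -all)     v2=0; v3=0 ;;
            all|+all) v2=1; v3=1 ;;   # assumption: "all" includes SSLv2/SSLv3
            -sslv2)   v2=0 ;;
            -sslv3)   v3=0 ;;
            +sslv2)   v2=1 ;;
            +sslv3)   v3=1 ;;
            sslv2)    v2=1; v3=0 ;;   # bare name replaces the current set
            sslv3)    v2=0; v3=1 ;;
            [+-]*)    ;;              # +/- of other protocols: no effect here
            *)        v2=0; v3=0 ;;   # bare other protocol replaces the set
        esac
    done
    [ "$v2" -eq 0 ] && [ "$v3" -eq 0 ]
}

# Constructed sample of a regenerated config (not real eHealth output).
sample_conf() {
    cat <<'EOF'
SSLEngine on
SSLProtocol all -SSLv2
# Custom Protect Section
SSLProtocol All -SSLv2 -SSLv3
# End Custom Protect Section
EOF
}

tmp=$(mktemp) && sample_conf > "$tmp"
echo "effective: $(effective_sslprotocol "$tmp")"
legacy_ssl_disabled "$tmp" && echo "SSLv2/SSLv3 disabled"
rm -f "$tmp"
```

On a real system, pass the path of the regenerated httpd.conf to legacy_ssl_disabled instead of the temporary sample file.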
