18 October 2014
Here’s a few useful snippets from my experience with it this week:
Make sure the combination you have for the SSLProtocol line disables SSLv2 and v3 - something like:
SSLProtocol All -SSLv2 -SSLv3
Ensure your crypto profiles have SSLv2 and v3 disabled in the options line:
If you have problems with handshakes from Java client process force the protocols to use with
Make sure the ssl_protocols line in your SSL configuration doesn’t have SSLv3 in it.
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
Make sure you don’t have secureProtocol:SSLv3_method anywhere in https options - use TLSv1_method instead if it’s really needed.