Knowledge Base

Depending on how your Apache servers are configured, you may need to disable SSL v3.

Older versions of Internet Explorer may not have the TLS protocol enabled by default. If you disable SSL versions 2.0 and 3.0, the older versions of Internet Explorer will need to enable the TLS protocol before they can connect to your site.

Apache: How to Disable the SSL v3 Protocol

1. Locate your SSL Protocol Configuration on your Apache server.

   For example,

   1. Type one of the following commands:

      grep -i -r "SSLProtocol" /etc/apache2
      or
      grep -i -r "SSLProtocol" /etc/httpd

      In these examples, /etc/apache2 and /etc/httpd are the base directory for an Apache installation.

      For a list of default base directories and installation layouts in Apache HTTPD for different operating systems, see DistrosDefaultLayout.

      If that command doesn’t find the “SSLProtocol” string, then look for SSLEngine by typing one of the following commands:

      grep -i -r "SSLEngine" /etc/apache2
      or
      grep -i -r "SSLEngine" /etc/httpd

   2. The command will output the available Virtual Hosts or your config file.

   3. Open the config file or Virtual Host for which you are disabling the SSL v3 protocol.

2. Add or update the following lines in your configuration:

   SSLProtocol all -SSLv2 -SSLv3

   Note: If you used the grep -i -r "SSLEngine"… command, you need to search for “SSLEngine On” and add SSLProtocol all -SSLv2 -SSLv3 in the line beneath it.

3. Restart Apache.
   For example, type the following command:

   apachectl -k restart

4. You have successfully disabled the SSL v3 protocol.