Announcement - Disable of SSLV3 in Linux server with cPanel
Dear Valued Customers,
* * *Only clients run in Linux servers with cPanel will be affected ***
Why Exabytes sugges to disable SSLV3 on all Linux servers with cPanel?
SSLv3 is vulnerable and obsolete. Poodle Attack allows an attacker to read encrypted information using man-in-the-middle attack.
To protect against attacks on common server applications, the workaround is to disable SSLv3.
What is Poodle Attack?
POODLE (Padding Oracle On Downgraded Legacy Encryption) is a security vulnerability that forces the downgrade of negotiated session protocol to SSLv3.
It interrupt the handshake between the client (browser) and servers (Website) and all major browsers voluntarily downgrade to SSL 3.0 if the handshakes with newer version of TLS fail.
The attacker will exploit the vulnerability in SSLV3 to compromise once the protocol downgrade is successful.
Here is the protocol according to their development year.
SSL 2.0 Year 1995
SSL 3.0 Year 1996
TLS 1.0 Year 1999
TLS 1.1 Year 2006
TLS 1.2 Year 2008
Our team will contact those affected dedicated servers, VPS and Cloud clients to schedule a suitable time for perform system update, and services SSL cipher update then restart the services.
Clients will not face any downtime during the maintenance.
Technical Support Department