SSL version 3.0 is no longer secure. Browsers and websites need to turn off SSLv3 and use more modern security protocols as soon as possible, in order to avoid compromising users’ private information.Under RHEL 6.5 with Apache httpd, edit /etc/httpd/conf.d/ssl.conf and make sure the protocol line disables both SSLv2 and SSLv3:
SSLProtocol all -SSLv2 -SSLv3or you can just specify TLS only:
SSLProtocol +TLSv1 +TLSv1.1 +TLSv1.2Ars Technica has a good explanation.
Scott Helme has a good run down on how to fix this issue, for various servers and browsers.
