Running a server or even a client that uses SSLv3 is an insecure protocol (man in the middle POODLE attack is possible). You really don't want to have that on your server! Perhaps if you explain why you believe you need it folks can help with a secure strategy to assist. See this for reference:
> I am trying to use Apache2 on Ubuntu. When I try running Apache2, it
> throws up an error:
> SSLv3 not supported by this version of OpenSSL. I tried installing
> latest version of OpenSSL by using (sudo apt-get install openssl) on
> Ubuntu. However the same error persist.
> Any idea how do I resolve the error?
Please check if you Apache configuration explicitly requests use of
the mostly outdated SSLv3. Such a configuration setting may be
left over from years ago when SSLv3 was still a good thing to use.
SSLv3 is has many protocol design security holes that cannot be
fixedwithout switching to a later SSL version, such as TLS
1.0/1.1/1.2 etc. These bugs are not in OpenSSL, but in the
protocol standard itself.
Unfortunately there are still a few old web browsers that only
support SSLv3, but only if you absolutely have to support those
should you set up a way to use SSLv3 on your web server.
Jakob Bohm, CIO, Partner, WiseMo A/S. https://www.wisemo.com Transformervej 29, 2860 Søborg, Denmark. Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded