Have you already heard about the recent vulnerability in SSL called Poodle?
As well as other big companies like Akamai, Google or Twitter we have also disabled SSL 3.0 support in our network.
We recommend to take this vulnerability seriously and to disable SSL 3.0 on your own servers and browsers.
How to check if my server is vulnerable?
Run the following command in your terminal:
openssl s_client -connect your-website.com:443 -ssl3
If you receive an error response like this:
26373:error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure:s3_pkt.c:1099:SSL alert number 40 26373:error:1409E0E5:SSL routines:SSL3_WRITE_BYTES:ssl handshake failure:s3_pkt.c:536:
Then everything is fine. But if the above command downloads your SSL certificate then you are Poodle vulnerable.
How to disable SSL 3.0 on my server?
To disable SSL 3.0 on your server add the following to your Apache configuration:
SSLProtocol All -SSLv2 -SSLv3
or the following to your NginX configuration
ssl_protocols TLSv1 TLSv1.1 TLSv1.2
How to disable SSL 3.0 in my browser?
Most of the recent browsers have the option to disable SSL 3.0. For example for Firefox it is located at:
Preferences -> Advanced -> Encryption
Sincerely your CDNsun team.