<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html lang="en" xml:lang="en" xmlns="http://www.w3.org/1999/xhtml" xmlns:fb="http://www.facebook.com/2008/fbml" xmlns:og="http://opengraphprotocol.org/schema/">
<head>
<title>How to secure your ISPConfig 3 server against the poodle SSL attack | HowtoForge - Linux Howtos and Tutorials</title>
<meta http-equiv="X-UA-Compatible" content="IE=8"/>
<base href="http://www.howtoforge.com/" />
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta name="keywords" content="server, ssl, secure, pure-ftpd, ispconfig, debian, pdf, attack, poodle, registered, dovecot, sslv2, setting, sslv3, ubuntu, tlsv1, courier, nginx, 2014-10-17, service, line, correct, option, 2014-10-16, ftp, postfix, tls, think, tlsciphersuite, ssl_protocols, nano, apache, mysql, imap, protocols, sslprotocol, configuration, webserver, pure-ftpd-mysql, lines, dont, work, medium, log, protocol, config, changes, daemon, pure-ftpd-wrapper, apply, support, pop3, sslv2 sslv3, tlsv1 sslv2, medium tlsv1, sslprotocol setting, tlsv1 sslv2 sslv3, medium tlsv1 sslv2" />
<meta name="description" content="How to secure your ISPConfig 3 server against the poodle SSL attack" />
<link rel="stylesheet" type="text/css" media="all" href="http://static.howtoforge.com/misc/drupal.css" />
<link rel="stylesheet" type="text/css" media="all" href="http://static.howtoforge.com/modules/copyright/copyright.css" />
<link rel="stylesheet" type="text/css" media="screen" href="http://static.howtoforge.com/modules/taxonomy_dhtml/menuExpandable3.css" />
<script type="text/javascript" src="http://static.howtoforge.com/modules/taxonomy_dhtml/menuExpandable3.js"></script>
<link rel="stylesheet" type="text/css" media="all" href="http://static.howtoforge.com/modules/trip_search/tripsearch.css" />
<link rel="stylesheet" type="text/css" media="all" href="http://static.howtoforge.com/modules/userinfo/userinfo.css" />
<link rel="stylesheet" type="text/css" media="screen" href="http://static.howtoforge.com/themes/htf_glass/screen.css" />
<link rel="stylesheet" type="text/css" media="all" href="/themes/htf_glass/style-1.1.9.css" /><link rel="stylesheet" type="text/css" media="all" href="http://static.howtoforge.com/jquery/thickbox.css" />
<meta name="verify-v1" content="zcX/aIYg9nclzOvdOVQIp3QrZq39IvEyFGwIoFl9YUQ=" />
<style type="text/css">
#BAP-holder {display:none;}
</style>
<link href="https://plus.google.com/106734490838285450112" rel="publisher" />
</head>
<body >
<!-- closes #header-->
<!-- START: HEADER -->
<div id="wrapper1">
<div id="wrapper2">
<div class="header" id="header">
<div class="auxnav">
<ul>
<li><a href="forums/register.php" title="Register">Register</a></li>
<li><a href="index.php?q=user/login" title="Login">Login</a></li>
<li class="auxnavcontr"><a href="add_howto" title="Contribute">Contribute</a></li>
<li class="auxnavsubs"><a href="subscription" title="Subscribe">Subscribe</a></li>
<li><a href="feed.rss" title="RSS Feed">RSS</a></li>
</ul>
</div>
<h1><span> </span></h1>
<div class="headerpadding">
<div id="site-name"><a href="" title="Home"><img
src="http://static.howtoforge.com/themes/htf_glass/images/howtoforge_logo_trans.gif" alt="HowtoForge - Linux Howtos and Tutorials Logo" width="215" height="64" /></a></div>
<ul id="primary">
<li><a href="http://lxer.com" target="_blank">News</a></li>
<li><a href="http://www.faqforge.com/" target="_blank">FAQForge</a></li>
<li><a href="http://www.ispconfig.org/" target="_blank">ISPConfig</a></li>
<li><a href="http://www.howtoforge.com/subscription">Subscribe</a></li>
<li><a href="add_howto">Contribute</a></li>
<!--<li><a href="trip_search">Search</a></li>-->
<li><a href="forums">Forums</a></li>
<li><a href="howtos">Howtos</a></li>
</ul>
<form action="/trip_search" method="post" id="search">
<input type="text" size="15" value="" name="keys" id="keys" class="form-text" /> <input type="image" src="http://static.howtoforge.com/themes/htf_glass/images/search.gif" class="form-submit" />
</form>
</div>
</div>
<!-- END: HEADER-->
<hr class="hide" />
<div class="columns">
<div class="leftcolumn sidebar">
<div class="leftpadding">
<div class="block block-sidecontent">
<h2>Options For This Howto</h2>
<div class="content"><table width="140"><tr><td><ul style="list-style-image:url(images/pointer.gif);">
<li><a href="/forums">Free Support</a><br /></li>
<li><a target="_blank" href="http://www.projektfarm.de/contact_nav.html">Paid Support</a></li>
</ul></td></tr></table></div>
</div><div class="block block-user">
<h2>Navigation</h2>
<div class="content"><div class="menu">
<ul>
<li class="expanded"><a href="howtos" title="">Howtos</a>
<ul>
<li class="expanded"><a href="howtos/linux" title="">Linux</a>
<ul>
<li class="leaf"><a href="howtos/linux/android">Android</a></li>
<li class="leaf"><a href="howtos/linux/centos">CentOS</a></li>
<li class="leaf"><a href="howtos/linux/debian">Debian</a></li>
<li class="leaf"><a href="howtos/linux/fedora">Fedora</a></li>
<li class="leaf"><a href="howtos/linux/kernel">Kernel</a></li>
<li class="leaf"><a href="howtos/linux/mandriva">Mandriva</a></li>
<li class="leaf"><a href="howtos/linux/pclinuxos">PCLinuxOS</a></li>
<li class="leaf"><a href="howtos/linux/suse">SuSE</a></li>
<li class="leaf"><a href="howtos/linux/ubuntu">Ubuntu</a></li>
</ul>
</li>
<li class="expanded"><a href="howtos/web-server" title="">Web Server</a>
<ul>
<li class="leaf"><a href="howtos/web-server/apache">Apache</a></li>
<li class="leaf"><a href="howtos/web-server/cherokee">Cherokee</a></li>
<li class="leaf"><a href="howtos/web-server/lighttpd">Lighttpd</a></li>
<li class="leaf"><a href="howtos/web-server/nginx">nginx</a></li>
</ul>
</li>
<li class="leaf"><a href="howtos/backup">Backup</a></li>
<li class="expanded"><a href="howtos/control-panels" title="">Control Panels</a>
<ul>
<li class="leaf"><a href="howtos/control-panels/ispconfig">ISPConfig</a></li>
</ul>
</li>
<li class="expanded"><a href="howtos/dns" title="">DNS</a>
<ul>
<li class="leaf"><a href="howtos/dns/bind">BIND</a></li>
<li class="leaf"><a href="howtos/dns/mydns">MyDNS</a></li>
<li class="leaf"><a href="howtos/dns/powerdns">PowerDNS</a></li>
<li class="leaf"><a href="howtos/dns/djbdns">djbdns</a></li>
</ul>
</li>
<li class="leaf"><a href="howtos/desktop">Desktop</a></li>
<li class="expanded"><a href="howtos/email" title="">Email</a>
<ul>
<li class="leaf"><a href="howtos/email/antispam-antivirus">Anti-Spam/Virus</a></li>
<li class="leaf"><a href="howtos/email/postfix">Postfix</a></li>
</ul>
</li>
<li class="leaf"><a href="howtos/ftp">FTP</a></li>
<li class="leaf"><a href="howtos/high-availability">High-Availability</a></li>
<li class="leaf"><a href="howtos/monitoring">Monitoring</a></li>
<li class="leaf"><a href="howtos/mysql">MySQL</a></li>
<li class="expanded"><a href="howtos/programming" title="">Programming</a>
<ul>
<li class="leaf"><a href="howtos/programming/c-cplusplus">C/C++</a></li>
<li class="leaf"><a href="howtos/programming/php">PHP</a></li>
</ul>
</li>
<li class="leaf"><a href="howtos/samba">Samba</a></li>
<li class="expanded"><a href="howtos/security" title="">Security</a>
<ul>
<li class="leaf"><a href="howtos/security/antispam-antivirus">Anti-Spam/Virus</a></li>
</ul>
</li>
<li class="leaf"><a href="howtos/storage">Storage</a></li>
<li class="expanded"><a href="howtos/virtualization" title="">Virtualization</a>
<ul>
<li class="leaf"><a href="howtos/virtualization/kvm">KVM</a></li>
<li class="leaf"><a href="howtos/virtualization/openvz">OpenVZ</a></li>
<li class="leaf"><a href="howtos/virtualization/vmware">VMware</a></li>
<li class="leaf"><a href="howtos/virtualization/virtualbox">VirtualBox</a></li>
<li class="leaf"><a href="howtos/virtualization/xen">Xen</a></li>
</ul>
</li>
<li class="leaf"><a href="howtos/other">Other</a></li>
<li class="leaf"><a href="howtos/freebsd">FreeBSD</a></li>
<li class="leaf"><a href="howtos/commercial">Commercial</a></li>
</ul>
</li>
<li class="expanded"><a href="mini-howtos" title="">Mini-Howtos</a>
<ul>
<li class="leaf"><a href="mini-howtos/linux">Linux</a></li>
<li class="leaf"><a href="mini-howtos/apache">Apache</a></li>
<li class="leaf"><a href="mini-howtos/backup">Backup</a></li>
<li class="leaf"><a href="mini-howtos/dns">DNS</a></li>
<li class="leaf"><a href="mini-howtos/errors">Errors</a></li>
<li class="leaf"><a href="mini-howtos/ftp">FTP</a></li>
<li class="leaf"><a href="mini-howtos/mysql">MySQL</a></li>
<li class="leaf"><a href="mini-howtos/networking">Networking</a></li>
<li class="leaf"><a href="mini-howtos/php">PHP</a></li>
<li class="leaf"><a href="mini-howtos/postfix">Postfix</a></li>
<li class="leaf"><a href="mini-howtos/security">Security</a></li>
<li class="leaf"><a href="mini-howtos/sendmail">Sendmail</a></li>
<li class="leaf"><a href="mini-howtos/shell">Shell</a></li>
<li class="leaf"><a href="mini-howtos/other">Other</a></li>
<li class="leaf"><a href="mini-howtos/ispconfig">ISPConfig</a></li>
</ul>
</li>
<li class="leaf"><a href="forums" title="">Forums</a></li>
<li class="expanded"><a href="add_howto" title="">Contribute</a>
<ul>
<li class="leaf"><a href="node/add" title="">Create Content</a></li>
</ul>
</li>
<li class="leaf"><a href="subscription" title="">Subscription</a></li>
<li class="leaf"><a href="user" title="">Login</a></li>
<li class="leaf"><a href="sitemap" title="">Site Map/RSS Feeds</a></li>
</ul>
</div></div>
</div><div class="block block-user">
<h2>User login</h2>
<div class="content"><div class="user-login-block">
<!-- /index.php?q=user/login -->
<form action="/forums/login.php?do=login" method="post" onsubmit="SHA1hash(vb_login_password,vb_login_md5password,vb_login_md5password_utf)">
<script type="text/javascript" src="/forums/clientscript/vbulletin_md5.js"></script>
<div class="user-login-block">
<div class="form-item">
<label for="edit-vb_login_username">Username:</label><br />
<input maxlength="64" class="form-text" name="vb_login_username" id="navbar_username" size="15" value="" type="text">
</div>
<div class="form-item">
<label for="edit-vb_login_password">Password:</label><br />
<input class="form-text" maxlength="64" name="vb_login_password" id="edit-vb_login_password" size="15" value="" type="password">
</div>
<div class="form-item">
<label for="cb_cookieuser_navbar"><input type="checkbox" name="cookieuser" value="1" tabindex="103" id="cb_cookieuser_navbar" accesskey="c" />Remember Me?</label>
</div>
<input class="form-submit" name="op" value="Log in" type="submit">
</div>
<input name="s" value="" type="hidden">
<input type="hidden" name="securitytoken" value="guest" />
<input name="do" value="login" type="hidden">
<input name="forceredirect" value="1" type="hidden">
<input name="vb_login_md5password" type="hidden">
<input name="vb_login_md5password_utf" type="hidden">
<input type="hidden" name="url" value="/" />
</form>
<div class="item_list">
<a href="/forums/register.php">Create a new account</a><br />
<a href="/forums/login.php?do=lostpw">Request new password</a>
</div>
</div></div>
</div><div class="block block-block">
<h2>Facebook</h2>
<div class="content"><iframe src="http://www.facebook.com/plugins/likebox.php?href=http%3A%2F%2Fwww.facebook.com%2Fhowtoforge&width=140&colorscheme=light&show_faces=true&stream=false&header=true&height=180" scrolling="no" frameborder="0" style="border: medium none;overflow:hidden;width:140px;height:180px;" allowTransparency="true"></iframe></div>
</div><div class="block block-user">
<h2>Who's online</h2>
<div class="content">There are currently 9 users and 3696 guests online.</div>
</div><div class="block block-vbforumblocks">
<h2>HowtoForge Forums</h2>
<div class="content"><div class="item-list"><ul><li><a href="http://www.howtoforge.com/forums/showthread.php?t=67298&goto=newpost" title="Multiserver on Linode. Changes take long to populate">Multiserver on<br>Linode. Changes<br>take long to ...</a>
</li><li><a href="http://www.howtoforge.com/forums/showthread.php?t=67297&goto=newpost" >ISPConfig 3 -<br>Shell User wont<br>use name I give it</a>
</li><li><a href="http://www.howtoforge.com/forums/showthread.php?t=67296&goto=newpost" >Update script from<br>3.0.5.4p3 to<br>3.0.5.4p4 stops</a>
</li><li><a href="http://www.howtoforge.com/forums/showthread.php?t=67295&goto=newpost" >Remove left column<br>in Home menu</a>
</li><li><a href="http://www.howtoforge.com/forums/showthread.php?t=67294&goto=newpost" >How to use my own<br>mydns server?</a>
</li><li><a href="http://www.howtoforge.com/forums/showthread.php?t=67293&goto=newpost" >RSS feed for<br>important<br>vulnerabilities</a>
</li><li><a href="http://www.howtoforge.com/forums/showthread.php?t=67292&goto=newpost" >IPSconfig3 without<br>pureFTP monitor<br>error</a>
</li><li><a href="http://www.howtoforge.com/forums/showthread.php?t=67291&goto=newpost" >New Website<br>creation error</a>
</li><li><a href="http://www.howtoforge.com/forums/showthread.php?t=67290&goto=newpost" >error after update<br>ispconfig</a>
</li><li><a href="http://www.howtoforge.com/forums/showthread.php?t=67289&goto=newpost" title="Upgrade to ISPConfig 3 Patch4 postfix/amavis issues">Upgrade to<br>ISPConfig 3 Patch4<br>postfix/amavis ...</a>
</li></ul></div></div>
</div><div class="block block-aggregator">
<h2>News</h2>
<div class="content"><div class="item-list"><ul><li><a href="http://lxer.com/module/newswire/ext_link.php?rid=206971" target="_blank">Tails 1.2 : Video Review and Screenshot Tours</a>
</li><li><a href="http://lxer.com/module/newswire/ext_link.php?rid=206973" target="_blank">PeaZip 5.5 Overview &amp; Ubuntu Installation</a>
</li><li><a href="http://lxer.com/module/newswire/ext_link.php?rid=206974" target="_blank">Nifty Free Image Viewers</a>
</li><li><a href="http://lxer.com/module/newswire/ext_link.php?rid=206975" target="_blank">Ubuntu 14.10 "Utopic Unicorn" Arrives in a Few Days</a>
</li><li><a href="http://lxer.com/module/newswire/ext_link.php?rid=206968" target="_blank">Organizer Confirms Both POSSCON and ‘Great Wide Open’ in 2015</a>
</li><li><a href="http://lxer.com/module/newswire/ext_link.php?rid=206969" target="_blank">Firefox Hello Not Working and Mozilla Claims the Bug is Invalid</a>
</li><li><a href="http://lxer.com/module/newswire/ext_link.php?rid=206914" target="_blank">Torvalds CONFESSES: 'I'm pretty good at alienating devs'</a>
</li><li><a href="http://lxer.com/module/newswire/ext_link.php?rid=206916" target="_blank">Open source moves from accepted to expected</a>
</li><li><a href="http://lxer.com/module/newswire/ext_link.php?rid=206928" target="_blank">Send video to Chromecast or Roku with Firefox for Android</a>
</li><li><a href="http://lxer.com/module/newswire/ext_link.php?rid=206929" target="_blank">CAINE 6 “Dark Matter” review</a>
</li></ul></div><div class="more-link"><a href="aggregator/sources/1" title="View this feed's recent news.">more</a></div></div>
</div><div class="block block-comment">
<h2>Recent comments</h2>
<div class="content"><div class="item-list"><ul><li><a href="how-to-set-up-software-raid1-on-a-running-system-incl-grub2-configuration-debian-squeeze#comment-35752">How can I do this on Debian</a><br />16 hours 55 min ago</li><li><a href="how-to-install-vnc-server-on-ubuntu-14.04#comment-35751">Speechless...</a><br />17 hours 39 min ago</li><li><a href="how-to-set-up-the-ampache-streaming-music-server-in-ubuntu-12.04-lts-p2#comment-35750">avconv</a><br />1 day 12 hours ago</li><li><a href="using-ngx_pagespeed-with-nginx-on-debian-wheezy#comment-35748">rules change for 1.7.30</a><br />1 day 21 hours ago</li><li><a href="how-to-install-wordpress-on-centos-7#comment-35747">Problem after install wordpress</a><br />2 days 43 min ago</li><li><a href="how-to-secure-your-ispconfig-3-server-against-the-poodle-ssl-attack#comment-35746" class="active">Re: Re: Re: Re: I think the correct is </a><br />2 days 14 hours ago</li><li><a href="setting-up-unison-file-synchronization-between-two-servers-on-debian-squeeze#comment-35745">please helpi have ran unison</a><br />2 days 14 hours ago</li><li><a href="how-to-secure-your-ispconfig-3-server-against-the-poodle-ssl-attack#comment-35744" class="active">Re: My looks like this. OK?</a><br />2 days 15 hours ago</li><li><a href="how-to-secure-your-ispconfig-3-server-against-the-poodle-ssl-attack#comment-35743" class="active">Re: Unknown setting: ssl_protocols</a><br />2 days 15 hours ago</li><li><a href="how-to-secure-your-ispconfig-3-server-against-the-poodle-ssl-attack#comment-35742" class="active">Unknown setting: ssl_protocols</a><br />2 days 15 hours ago</li></ul></div></div>
</div><div class="block block-block">
<h2>Newsletter</h2>
<div class="content"><form method="post" action="http://newsletter.howtoforge.com/howtoforge/user/process.php" name="signup" target="_blank">
<input type="hidden" name="pommo_signup" value="true" />
<table border="0" cellpadding="0" cellspacing="0" width="136">
<tr>
<td colspan="2">
<b>Subscribe to HowtoForge Newsletter</b><br />
and stay informed about our latest HOWTOs and projects.
</td>
</tr>
<tr>
<td colspan="2" align="center">
<input name="Email" id="email" value="enter email address" size="17" onclick="document.signup.Email.value = ''" type="text" class="form-text" />
</td>
</tr>
<tr>
<td colspan="2" align="center">
<input class="form-submit" name="Submit" value="Submit" border="0" type="submit" style="margin-top: 0;" />
</td>
</tr>
<tr>
<td colspan="2">
(To unsubscribe from our newsletter, visit this <a href="http://newsletter.howtoforge.com/howtoforge/user/login.php" target="_blank">link</a>.)
</td>
</tr>
</table>
</form> </div>
</div> </div>
</div>
<hr class="hide" />
<div class="centercolumn">
<div class="centerpadding">
<div align="right" class="additional_links"><b><img src="http://static.howtoforge.com/images/uk_flag.gif" width="20" height="10" border="0" alt="HowtoForge - Linux Howtos in English" /> English</b> | <a href="http://www.howtoforge.de/" title="HowtoForge.de - Linux-Howtos auf Deutsch"><img src="http://static.howtoforge.com/images/de_flag.gif" width="20" height="10" alt="HowtoForge.de - Linux-Howtos auf Deutsch" /> Deutsch</a> | <a href="/sitemap">Site Map/RSS Feeds</a> | <a href="/advertise">Advertise</a></div>
<div class="main-content" id="main">
<div id="adleaderboard_flex" style="width:728px;height:90px;" align="center"><div id="adleaderboard" style="width:728px;height:90px;" align="center"></div></div>
<div id="breadcrumbs">
<div class="breadcrumb"><a href="">Home</a> » <a href="howtos" title="">Howtos</a> » <a href="howtos/linux" title="">Linux</a></div> <span class="breadcrumb"> » How To Secure Your ISPConfig 3 Server Against The Poodle SSL Attack</span>
</div>
<h1 id="title">How to secure your ISPConfig 3 server against the poodle SSL attack</h1>
<div style="padding: 0.7em;border: 1px dashed #2f6fab;margin:5px;background-color: #f9f9f9;font-family: arial, verdana, sans-serif;font-size:20px;color:#0066CC;"><!--Do you like HowtoForge? Please consider supporting us by <a href="/subscription">becoming a subscriber</a>.-->Want to support HowtoForge? Become a <a href="http://www.howtoforge.com/subscription">subscriber</a>!</div>
<!-- start main content -->
<table border="0" cellspacing="0" cellpadding="0" width="98%">
<tr><td>
<div id="content">
<div id="adrectanglea_flex" style="height:250px;width:300px;float:left;margin: 10px 10px 10px 10px;"><div id="adrectanglea" style="height:250px;width:300px;"> </div></div>
<!-- begin content --><div class="node">
<div class="info">Submitted by <a href="forums/member.php?u=3" title="View user profile." rel="nofollow">till</a> (<a href="forums/private.php?do=newpm&u=3" title="Contact author." rel="nofollow">Contact Author</a>) (<a href="forums" title="Forums.">Forums</a>) on Thu, 2014-10-16 17:43.<span class="taxonomy"> :: <a href="sitemap/linux/centos">CentOS</a> | <a href="sitemap/linux/debian">Debian</a> | <a href="sitemap/linux/fedora">Fedora</a> | <a href="sitemap/control-panels/ispconfig">ISPConfig</a> | <a href="sitemap/linux">Linux</a> | <a href="sitemap/linux/suse">SuSE</a> | <a href="sitemap/linux/ubuntu">Ubuntu</a> | <a href="sitemap/web-server">Web Server</a> | <a href="sitemap/web-server/apache">Apache</a> | <a href="sitemap/control-panels">Control Panels</a> | <a href="sitemap/email">Email</a> | <a href="sitemap/ftp">FTP</a> | <a href="sitemap/web-server/nginx">nginx</a> | <a href="sitemap/email/postfix">Postfix</a></span></div>
<div class="content">
<div style="width:100%;border-top:1px solid #CCCCCC;border-bottom:1px solid #CCCCCC;padding:4px 0 2px 0;margin-bottom:5px;height:27px;">
<ul style="list-style-type:none;">
<li style="width:115px;overflow:hidden;float:left;display:inline;"><g:plusone size="medium" href="http://www.howtoforge.com/how-to-secure-your-ispconfig-3-server-against-the-poodle-ssl-attack"></g:plusone></li>
<li style="width:180px;overflow:visible;float:left;display:inline;"><div id="fb-root"></div><fb:like href="http://www.howtoforge.com/how-to-secure-your-ispconfig-3-server-against-the-poodle-ssl-attack" send="true" layout="button_count" width="180" show_faces="false" font=""></fb:like></li>
<li style="width:115px;overflow:hidden;float:left;display:inline;"><a href="http://twitter.com/share" class="twitter-share-button" data-text="How to secure your ISPConfig 3 server against the poodle SSL attack" data-url="http://www.howtoforge.com/how-to-secure-your-ispconfig-3-server-against-the-poodle-ssl-attack" data-counturl="http://www.howtoforge.com/how-to-secure-your-ispconfig-3-server-against-the-poodle-ssl-attack" data-count="horizontal" data-via="howtoforgecom">Tweet</a></li>
</ul>
</div><H1>How to secure your ISPConfig 3 server against the poodle SSL attack</h1>
<P>Version 1.1 <BR />Author: Till Brehm<t [dot] brehm [at] howtoforge [dot] com> <BR /><A href="http://twitter.com/howtoforgecom" target=_blank><IMG border=0 alt="" src="http://static.howtoforge.com/http:/static.howtoforge.com/images/socialmedia/twitter.png" width=16 height=16 /></a> <A href="http://twitter.com/howtoforgecom" target=_blank>Follow howtoforge on Twitter</a><BR />Published 2014-10-16<BR />Last edited 2014-10-17</p>
<P>In the following guide I will describe the steps to secure your server against the recent poodle SSL attack. I will use a ISPConfig 3 perfect server on Debian 7 for my examples, but the same steps will work on any other Linux Distribution as well. A default ISPConfig hosting server runs the following services: <STRONG>Webserver</strong> (Nginx or apache), <STRONG>Mailserver</strong> (Postfix and Dovecot / Courier), <STRONG>FTP-Server</strong> (pure-ftpd) that offer SSL / TLS connections and are potential targets for a poodle attack.</p>
<P>I assume that you are logged into your server as root user. If you work on Ubuntu and are not logged in as root, then prepend "sudo" to all commands or run "sudo -" to become root user.</p>
<H2>Apache Webserver </h2>
<P>To secure an apache webserver, the line</p>
<P><SPAN class=system>SSLProtocol all -SSLv2 -SSLv3</span></p>
<P>has to be added in each SSL vhost on the server. If the SSLProtocol setting is not explicitly set in a vhost, then the global setting gets applied. In case of a ISPConfig 3 server, the SSLProtocol setting can be set globally as the vhosts dont override that setting. On a Debian or Ubuntu Server, open the file /etc/apache2/mods-available/ssl.conf in a editor</p>
<P class=command>nano /etc/apache2/mods-available/ssl.conf</p>
<P>scroll down until you see the lines:</p>
<P class=system># enable only secure protocols: SSLv3 and TLSv1, but not SSLv2<BR />SSLProtocol all -SSLv2</p>
<P>and change them to:</p>
<P class=system># enable only secure protocols: but not SSLv2 and SSLv3<BR />SSLProtocol all -SSLv2 -SSLv3</p>
<P>Then restart apache</p>
<P class=command>service apache2 restart</p>
<P> </p>
<H2>Nginx Webserver</h2>
<P>For an nginx webserver, the line</p>
<P><SPAN class=system>ssl_protocols TLSv1 TLSv1.1 TLSv1.2;</span></p>
<P>has to be added in each SSL server { } serction. If the SSLProtocol setting is not explicitly set in a server { } section, then the global setting of the http { } section get applied. In case of a ISPConfig 3 server, the SSLProtocol setting can be set globally in http { } section as the server { } sections dont override that setting. On a Debian or Ubuntu Server, open the file /etc/nginx/nginx.conf in a editor</p>
<P class=command>nano /etc/nginx/nginx.conf</p>
<P>and add the line:</p>
<P class=system>ssl_protocols TLSv1 TLSv1.1 TLSv1.2;</p>
<P>after the line:</p>
<P class=system>http {</p>
<P>then restart nginx:</p>
<P class=command>service nginx restart</p>
<P> </p>
<H2>Postfix mail server</h2>
<P>To force postfix to not supply the SSLv2 and SSLv3 protocol, run these commands:</p>
<P class=command>postconf -e 'smtpd_tls_mandatory_protocols=!SSLv2,!SSLv3'<BR />postconf -e 'smtpd_tls_protocols=!SSLv2,!SSLv3'<BR />postconf -e 'smtp_tls_protocols=!SSLv2,!SSLv3'</p>
<P>This will add the lines:</p>
<P class=system>smtpd_tls_mandatory_protocols = !SSLv2,!SSLv3<BR />smtpd_tls_protocols = !SSLv2,!SSLv3<BR />smtp_tls_protocols = !SSLv2,!SSLv3<BR /></p>
<P>in the /etc/postfix/main.cf file. Then run this command to apply the new configuration:</p>
<P class=command>service postfix restart</p>
<P> </p>
<H2>Dovecot IMAP / POP3 server</h2>
<P>Dovecot supports SSL protocol settings in version 2.1 and newer. So the first step is to find out which dovecot version you use. The command is:</p>
<P class=command>dovecot --version</p>
<P>on my server I got the following result:</p>
<P class=system>root@server1:~# dovecot --version<BR />2.1.7<BR />root@server1:~#</p>
<P>which indicates that my server supports ssl_protocol settings.</p>
<P>Edit the dovecot configuration file</p>
<P class=command>nano /etc/dovecot/dovecot.conf</p>
<P>and add the line</p>
<P class=system>ssl_protocols = !SSLv2 !SSLv3</p>
<P>right after the ssl_key line, so your file should look like this:</p>
<P class=system><BR />ssl_key = </etc/postfix/smtpd.key<BR />ssl_protocols = !SSLv2 !SSLv3<BR /></p>
<P>and finally restart dovecot to apply the changes:</p>
<P class=command>service dovecot restart</p>
<P> </p>
<H2>Courier POP3 / IMAP server</h2>
<P>The courier imap and pop3 server offers connections over the SSLv3 protocol by default, so we have to reconfigure it as well. The courier configuration files are in the folder /etc/courier/. First we start with the config file of the IMAP daemon:</p>
<P class=command>nano /etc/courier/imapd-ssl</p>
<P>Add or replace the following lines:</p>
<P class=system>IMAPDSSLSTART=NO<BR />IMAPDSTARTTLS=YES<BR />IMAP_TLS_REQUIRED=1<BR />TLS_PROTOCOL=TLS1<BR />TLS_STARTTLS_PROTOCOL=TLS1</p>
<P>Then edit the config file of the POP3 Daemon:</p>
<P class=command>nano /etc/courier/pop3d-ssl</p>
<P>Add or replace the following lines:</p>
<P class=system>POP3DSSLSTART=NO<BR />POP3STARTTLS=YES<BR />POP3_TLS_REQUIRED=1<BR />TLS_PROTOCOL=TLS1<BR />TLS_STARTTLS_PROTOCOL=TLS1</p>
<P>Finally restart the courier daemons:</p>
<P class=command>service courier-imap-ssl restart<BR />service courier-pop-ssl restart</p>
<P> </p>
<H2>FTP with pure-ftpd</h2>
<P>Securing pure-ftpd on Debian and Ubuntu is a bit more complicated as the /usr/sbin/pure-ftpd-wrapper script from Debian does not support the -J switch whihc is used by pure-ftpd to set the ssl protocols. So the first step is that we add support for the -J option in the wrapper script. This will not work in Debian 6 as the pure-ftpd Version in Debian 6 is too old and does not has a setting for SSL protocols. So the only option for Debian 6 users will be to upgrade to Debian 7. Open the file</p>
<P class=command>nano /usr/sbin/pure-ftpd-wrapper</p>
<P>and scroll down to the line</p>
<P class=system>'TLS' => ['-Y %d', \&parse_number_1],</p>
<P>and add this new line right afterwards:</p>
<P class=system>'TLSCipherSuite' => ['-J %s', \&parse_string],</p>
<P>Finally we create a config file which contains the SSL protocols that we want to allow:</p>
<P class=command>echo 'HIGH:MEDIUM:+TLSv1:!SSLv2:!SSLv3' > /etc/pure-ftpd/conf/TLSCipherSuite</p>
<P>to apply the changes, restart pure-ftpd. On my server, I use pure-ftpd with mysql, so the name of the daemon is pure-ftpd-mysql instead of just pure-ftpd.</p>
<P class=command>service pure-ftpd-mysql restart</p>
<P>the result should be similar to this:</p>
<P class=system>root@server1:~# service pure-ftpd-mysql restart<BR />Restarting ftp server: Running: /usr/sbin/pure-ftpd-mysql-virtualchroot -l mysql:/etc/pure-ftpd/db/mysql.conf -l pam -Y 1 -8 UTF-8 -H -J HIGH:MEDIUM:+TLSv1:!SSLv2:!SSLv3 -D -b -O clf:/var/log/pure-ftpd/transfer.log -E -u 1000 -A -B<BR />root@server1:~#</p>
<P>so the -J option has been added successfully to the start sequence of the daemon.</p>
<P> </p>
<H2>Links</h2>
<UL>
<LI><A href="https://www.openssl.org/~bodo/ssl-poodle.pdf">SSL poodle attack</a></li>
<LI><A href="http://ispconfig.org/">ISPConfig</a></li></ul><br /><div class="copyright-footer">Copyright © 2014 Till Brehm<br />All Rights Reserved.
</div><div style="width:100%;border-top:1px solid #CCCCCC;border-bottom:1px solid #CCCCCC;padding:4px 0 2px 0;margin-bottom:5px;height:27px;">
<ul style="list-style-type:none;">
<li style="width:115px;overflow:hidden;float:left;display:inline;"><g:plusone size="medium" href="http://www.howtoforge.com/how-to-secure-your-ispconfig-3-server-against-the-poodle-ssl-attack"></g:plusone></li>
<li style="width:180px;overflow:visible;float:left;display:inline;"><div id="fb-root"></div><fb:like href="http://www.howtoforge.com/how-to-secure-your-ispconfig-3-server-against-the-poodle-ssl-attack" send="true" layout="button_count" width="180" show_faces="false" font=""></fb:like></li>
<li style="width:115px;overflow:hidden;float:left;display:inline;"><a href="http://twitter.com/share" class="twitter-share-button" data-text="How to secure your ISPConfig 3 server against the poodle SSL attack" data-url="http://www.howtoforge.com/how-to-secure-your-ispconfig-3-server-against-the-poodle-ssl-attack" data-counturl="http://www.howtoforge.com/how-to-secure-your-ispconfig-3-server-against-the-poodle-ssl-attack" data-count="horizontal" data-via="howtoforgecom">Tweet</a></li>
</ul>
</div> </div>
<div class="links"><a href="comment/reply/7842#comment" title="Share your thoughts and opinions related to this posting." rel="nofollow">add comment</a> | <a href="subscription" title="View and print node as pdf."><img src="http://static.howtoforge.com/images/pdf.gif" border="0" alt="view as pdf" width="16" height="16"></a> <a href="subscription" title="View and print node as pdf.">view as pdf</a> | <a href="subscription" title="Display a printer-friendly version of this page." rel="nofollow"><img src="http://static.howtoforge.com/images/print.gif" border="0" alt="Display a printer-friendly version of this page." width="16" height="16"></a> <a href="subscription" title="Display a printer-friendly version of this page." rel="nofollow">print</a></div>
<!-- Begin related tutorials -->
<div class="relatedlinks" id="relatedlinks">
<h2 class="title" style="padding:10px;"><span style="margin-top:5px;font-weight:bold;"> Related Tutorials</span></h2>
<div class="content" style="padding:20px;"><ul>
<li><a href="/apache_mod_security">Secure Your Apache With mod_security</a></li><li><a href="/webdav_with_ssl_and_two_factor_authentication">How to secure WebDAV with SSL and Two-Factor Authentication</a></li><li><a href="/secure_vnc_remote_access_with_two_factor_authentication">How to secure VNC remote access with two-factor authentication</a></li><li><a href="/ssl_vpn_one_time_passcodes_mutual_authentication">How to secure an SSL VPN with one-time passcodes and mutual authentication</a></li><li><a href="/how-to-install-secure-and-automate-awstats-centos-rhel">How To Install, Secure, And Automate AWStats (CentOS/RHEL)</a></li></ul>
</div>
</div>
<!-- End related tutorials -->
</div>
<a id="comment"></a>
<table width="100%" style="border: 1px solid #808080; background-color: #FFF4B7;"><tr><td style="background-color: #FFF4B7; padding: 7px; padding-top: 15px; padding-left: 15px;"><img src="/images/please_note.gif" border="0" alt=""></td><td style="font-size: 12px; font-style: italic; background-color: #FFF4B7; padding-left: 7px; padding-top: 15px; padding-right: 15px; padding-bottom: 15px;">Please do not use the comment function to ask for help! If you need help, please use our <a href="forums">forum</a>.<br>Comments will be published after administrator approval.</td></tr></table><form method="post" action="comment"><div>
<input type="hidden" name="edit[nid]" value="7842" />
<a id="comment-35742"></a>
<div class="comment ">
<!--<div class="gravatar">
<img src="" alt="Jasper" />
</div>//-->
<div class="title"><a href="how-to-secure-your-ispconfig-3-server-against-the-poodle-ssl-attack#comment-35742" class="active">Unknown setting: ssl_protocols</a></div>
<div class="author">Submitted by Jasper (not registered) on Fri, 2014-10-17 19:10.</div>
<div class="content">I get this error when following the instruction for dovecot: Unknown setting: ssl_protocols. How to fix this? Thanks!</div>
<div class="links"><a href="comment/reply/7842/35742">reply</a> | <a href="subscription" title="View and print node as pdf."><img src="http://static.howtoforge.com/images/pdf.gif" border="0" alt="view as pdf" width="16" height="16"></a> <a href="subscription" title="View and print node as pdf.">view as pdf</a></div>
</div><div style="margin-left:25px;">
<a id="comment-35743"></a>
<div class="comment ">
<!--<div class="gravatar">
<img src="" alt="admin" />
</div>//-->
<div class="title"><a href="how-to-secure-your-ispconfig-3-server-against-the-poodle-ssl-attack#comment-35743" class="active">Re: Unknown setting: ssl_protocols</a></div>
<div class="author">Submitted by <a href="forums/member.php?u=1" title="View user profile." rel="nofollow">admin</a> (registered user) on Fri, 2014-10-17 19:12.</div>
<div class="content">Did you check the dovecot Version as described in the guide? Only dovecot 2.1 and newer supports SSL protocol Settings.</div>
<div class="links"><a href="comment/reply/7842/35743">reply</a> | <a href="subscription" title="View and print node as pdf."><img src="http://static.howtoforge.com/images/pdf.gif" border="0" alt="view as pdf" width="16" height="16"></a> <a href="subscription" title="View and print node as pdf.">view as pdf</a></div>
</div></div>
<a id="comment-35741"></a>
<div class="comment ">
<!--<div class="gravatar">
<img src="" alt="xciso" />
</div>//-->
<div class="title"><a href="how-to-secure-your-ispconfig-3-server-against-the-poodle-ssl-attack#comment-35741" class="active">My looks like this. OK?</a></div>
<div class="author">Submitted by xciso (not registered) on Fri, 2014-10-17 16:44.</div>
<div class="content"><P>Hello. I did the changes above about Pure-FTP</p>
<P>My looks like this:</p>
<P>Running: /usr/sbin/pure-ftpd-mysql-virtualchroot -l mysql:/etc/pure-ftpd/db/mysql.conf - l pam -E -J HIGH:MEDIUM:+TLSv1:!SSLv2:!SSLv3 -b -H -u 1000 -8 UTF-8 -O clf:/var/log/pure-ftpd/transfer.log -Y 1 -D -A -B</p>
<P>Is that ok?</p></div>
<div class="links"><a href="comment/reply/7842/35741">reply</a> | <a href="subscription" title="View and print node as pdf."><img src="http://static.howtoforge.com/images/pdf.gif" border="0" alt="view as pdf" width="16" height="16"></a> <a href="subscription" title="View and print node as pdf.">view as pdf</a></div>
</div><div style="margin-left:25px;">
<a id="comment-35744"></a>
<div class="comment ">
<!--<div class="gravatar">
<img src="" alt="admin" />
</div>//-->
<div class="title"><a href="how-to-secure-your-ispconfig-3-server-against-the-poodle-ssl-attack#comment-35744" class="active">Re: My looks like this. OK?</a></div>
<div class="author">Submitted by <a href="forums/member.php?u=1" title="View user profile." rel="nofollow">admin</a> (registered user) on Fri, 2014-10-17 19:13.</div>
<div class="content"><P>Thats ok, the important part is:</p>
<P>-J HIGH:MEDIUM:+TLSv1:!SSLv2:!SSLv3 </p></div>
<div class="links"><a href="comment/reply/7842/35744">reply</a> | <a href="subscription" title="View and print node as pdf."><img src="http://static.howtoforge.com/images/pdf.gif" border="0" alt="view as pdf" width="16" height="16"></a> <a href="subscription" title="View and print node as pdf.">view as pdf</a></div>
</div></div>
<a id="comment-35739"></a>
<div class="comment ">
<!--<div class="gravatar">
<img src="" alt="beyerservice" />
</div>//-->
<div class="title"><a href="how-to-secure-your-ispconfig-3-server-against-the-poodle-ssl-attack#comment-35739" class="active">thank you</a></div>
<div class="author">Submitted by <a href="forums/member.php?u=81002" title="View user profile." rel="nofollow">beyerservice</a> (registered user) on Fri, 2014-10-17 12:33.</div>
<div class="content"><p>worked for me (Debian 7)</p>
</div>
<div class="links"><a href="comment/reply/7842/35739">reply</a> | <a href="subscription" title="View and print node as pdf."><img src="http://static.howtoforge.com/images/pdf.gif" border="0" alt="view as pdf" width="16" height="16"></a> <a href="subscription" title="View and print node as pdf.">view as pdf</a></div>
</div><a id="comment-35738"></a>
<div class="comment ">
<!--<div class="gravatar">
<img src="" alt="Anonymous" />
</div>//-->
<div class="title"><a href="how-to-secure-your-ispconfig-3-server-against-the-poodle-ssl-attack#comment-35738" class="active">All works fine on Ubuntu 14.</a></div>
<div class="author">Submitted by Anonymous (not registered) on Fri, 2014-10-17 11:23.</div>
<div class="content"><DIV class=content>All works fine on Ubuntu 14. <BR /></div>
<DIV class=content> </div>
<DIV class=content> those having issues with ubuntu or debian, </div>
<DIV class=content> </div>
<DIV class=content><B>do not remove:</b></div>
<DIV class=content>
<P class=system>'TLS' => ['-Y %d', \&parse_number_1],</p>
<P class=system> </p>
<P class=system>Add the TLSCipherSuite right after TLS:<BR /></p>
<P class=system>'TLSCipherSuite' => ['-J %s', \&parse_string],</p></div>
<DIV class=content> </div>
<DIV class=content>For the person who posted about the -J command.</div>
<DIV class=content>Ubuntu Man pages shows the -J as capitol for TLSCipher,</div>
<DIV class=content>so its correct. (-j Smaller is for createhomedir)<BR /></div>
<DIV class=content> </div>
<DIV class=content>I made the mistake of replacing the original TLS entry, with the TLSCipherSuite.</div>
<DIV class=content> </div>
<DIV class=content>Results: </div>
<DIV class=content>Restarting ftp server: /usr/sbin/pure-ftpd-wrapper: Invalid configuration file /etc/pure-ftpd/conf/TLSCipherSuite: No corresponding directive.</div>
<DIV class=content> </div>
<DIV class=content>May be what happened to the 1st person who commented here. <BR /></div>
<DIV class=content> </div>
<DIV class=content>Make sure you dont delete the TLS. </div>
<DIV class=content> </div>
<DIV class=content>Thanks for this post OP. and Help this helps anyone else on Ubuntu.<BR /></div></div>
<div class="links"><a href="comment/reply/7842/35738">reply</a> | <a href="subscription" title="View and print node as pdf."><img src="http://static.howtoforge.com/images/pdf.gif" border="0" alt="view as pdf" width="16" height="16"></a> <a href="subscription" title="View and print node as pdf.">view as pdf</a></div>
</div><a id="comment-35734"></a>
<div class="comment ">
<!--<div class="gravatar">
<img src="" alt="Anonymous" />
</div>//-->
<div class="title"><a href="how-to-secure-your-ispconfig-3-server-against-the-poodle-ssl-attack#comment-35734" class="active">pure-ftp</a></div>
<div class="author">Submitted by Anonymous (not registered) on Thu, 2014-10-16 22:44.</div>
<div class="content"><P>I followed directions above but when I try to restart PURE FTP I get this</p>
<P><B>service pure-ftpd-mysql restart </b><BR />Restarting ftp server: /usr/sbin/pure-ftpd-wrapper: Invalid configuration file /etc/pure-ftpd/conf/TLS: No corresponding directive</p></div>
<div class="links"><a href="comment/reply/7842/35734">reply</a> | <a href="subscription" title="View and print node as pdf."><img src="http://static.howtoforge.com/images/pdf.gif" border="0" alt="view as pdf" width="16" height="16"></a> <a href="subscription" title="View and print node as pdf.">view as pdf</a></div>
</div><a id="comment-35732"></a>
<div class="comment ">
<!--<div class="gravatar">
<img src="" alt="A.Rehm" />
</div>//-->
<div class="title"><a href="how-to-secure-your-ispconfig-3-server-against-the-poodle-ssl-attack#comment-35732" class="active">Courier IMAP and POP</a></div>
<div class="author">Submitted by A.Rehm (not registered) on Thu, 2014-10-16 20:55.</div>
<div class="content">And what setting would be sufficient for courier?<BR /></div>
<div class="links"><a href="comment/reply/7842/35732">reply</a> | <a href="subscription" title="View and print node as pdf."><img src="http://static.howtoforge.com/images/pdf.gif" border="0" alt="view as pdf" width="16" height="16"></a> <a href="subscription" title="View and print node as pdf.">view as pdf</a></div>
</div><a id="comment-35728"></a>
<div class="comment ">
<!--<div class="gravatar">
<img src="" alt="oriongr" />
</div>//-->
<div class="title"><a href="how-to-secure-your-ispconfig-3-server-against-the-poodle-ssl-attack#comment-35728" class="active">I think the correct is </a></div>
<div class="author">Submitted by <a href="forums/member.php?u=26426" title="View user profile." rel="nofollow">oriongr</a> (registered user) on Thu, 2014-10-16 19:30.</div>
<div class="content"><P>I think the correct is <BR /></p>
<P>'TLSCipherSuite' => ['-j %s', \&parse_string],</p>
<P> </p>
<P>not capital J. With capital in ubuntu gives an error </p>
<P>/usr/sbin/pure-ftpd-mysql-virtualchroot: invalid option -- 'J'<BR /> </p></div>
<div class="links"><a href="comment/reply/7842/35728">reply</a> | <a href="subscription" title="View and print node as pdf."><img src="http://static.howtoforge.com/images/pdf.gif" border="0" alt="view as pdf" width="16" height="16"></a> <a href="subscription" title="View and print node as pdf.">view as pdf</a></div>
</div><div style="margin-left:25px;">
<a id="comment-35729"></a>
<div class="comment ">
<!--<div class="gravatar">
<img src="" alt="admin" />
</div>//-->
<div class="title"><a href="how-to-secure-your-ispconfig-3-server-against-the-poodle-ssl-attack#comment-35729" class="active">Re: I think the correct is </a></div>
<div class="author">Submitted by <a href="forums/member.php?u=1" title="View user profile." rel="nofollow">admin</a> (registered user) on Thu, 2014-10-16 19:37.</div>
<div class="content"><P>The Option -j exists to create a homedir, it is not related to ssl. Maybe the pure-ftpd on your Server does not Support the -J Option yet. On Debian, were I tested the guide, the -J Option exists. From pure-ftpd manpage n Debian 7:</p>
<P>-J --tlsciphersuite</p></div>
<div class="links"><a href="comment/reply/7842/35729">reply</a> | <a href="subscription" title="View and print node as pdf."><img src="http://static.howtoforge.com/images/pdf.gif" border="0" alt="view as pdf" width="16" height="16"></a> <a href="subscription" title="View and print node as pdf.">view as pdf</a></div>
</div></div>
<div style="margin-left:50px;">
<a id="comment-35736"></a>
<div class="comment ">
<!--<div class="gravatar">
<img src="" alt="julienl" />
</div>//-->
<div class="title"><a href="how-to-secure-your-ispconfig-3-server-against-the-poodle-ssl-attack#comment-35736" class="active">Re: Re: I think the correct is </a></div>
<div class="author">Submitted by <a href="forums/member.php?u=79776" title="View user profile." rel="nofollow">julienl</a> (registered user) on Fri, 2014-10-17 07:41.</div>
<div class="content">It doesn't work on Debian 6 (Squeeze). The "-J" switch is missing.<BR /></div>
<div class="links"><a href="comment/reply/7842/35736">reply</a> | <a href="subscription" title="View and print node as pdf."><img src="http://static.howtoforge.com/images/pdf.gif" border="0" alt="view as pdf" width="16" height="16"></a> <a href="subscription" title="View and print node as pdf.">view as pdf</a></div>
</div></div>
<div style="margin-left:50px;">
<a id="comment-35730"></a>
<div class="comment ">
<!--<div class="gravatar">
<img src="" alt="oriongr" />
</div>//-->
<div class="title"><a href="how-to-secure-your-ispconfig-3-server-against-the-poodle-ssl-attack#comment-35730" class="active">Re: Re: I think the correct is </a></div>
<div class="author">Submitted by <a href="forums/member.php?u=26426" title="View user profile." rel="nofollow">oriongr</a> (registered user) on Thu, 2014-10-16 19:52.</div>
<div class="content"><P>I have to check. I have ubuntu..</p>
<P> </p></div>
<div class="links"><a href="comment/reply/7842/35730">reply</a> | <a href="subscription" title="View and print node as pdf."><img src="http://static.howtoforge.com/images/pdf.gif" border="0" alt="view as pdf" width="16" height="16"></a> <a href="subscription" title="View and print node as pdf.">view as pdf</a></div>
</div></div>
<div style="margin-left:75px;">
<a id="comment-35731"></a>
<div class="comment ">
<!--<div class="gravatar">
<img src="" alt="admin" />
</div>//-->
<div class="title"><a href="how-to-secure-your-ispconfig-3-server-against-the-poodle-ssl-attack#comment-35731" class="active">Re: Re: Re: I think the correct is </a></div>
<div class="author">Submitted by <a href="forums/member.php?u=1" title="View user profile." rel="nofollow">admin</a> (registered user) on Thu, 2014-10-16 19:57.</div>
<div class="content"><P>Run:</p>
<P class=command>man pure-ftpd</p>
<P>to get the manpage. If it does not list -J Option on your Server, then this pure-ftpd Version does not support to restrict the SSL mode.</p></div>
<div class="links"><a href="comment/reply/7842/35731">reply</a> | <a href="subscription" title="View and print node as pdf."><img src="http://static.howtoforge.com/images/pdf.gif" border="0" alt="view as pdf" width="16" height="16"></a> <a href="subscription" title="View and print node as pdf.">view as pdf</a></div>
</div></div>
<div style="margin-left:100px;">
<a id="comment-35746"></a>
<div class="comment ">
<!--<div class="gravatar">
<img src="" alt="Anonymous" />
</div>//-->
<div class="title"><a href="how-to-secure-your-ispconfig-3-server-against-the-poodle-ssl-attack#comment-35746" class="active">Re: Re: Re: Re: I think the correct is </a></div>
<div class="author">Submitted by Anonymous (not registered) on Fri, 2014-10-17 20:34.</div>
<div class="content"><P>hi guys i apply this changes on my debian 7 (isp config 3.0.5.4p4) but now i dont login with filezilla in my ftp accounts. And i see this error in my isp panel status of services. Please help me.</p>
<TABLE style="FONT-SIZE: 11px; FONT-FAMILY: Consolas, 'Lucida Console', 'Courier New', monospace; BORDER-COLLAPSE: collapse; FONT-WEIGHT: bold; COLOR: rgb(68,68,68); PADDING-BOTTOM: 0px; PADDING-TOP: 0px; PADDING-LEFT: 0px; MARGIN: 0px 0px 0.5em; PADDING-RIGHT: 0px; WIDTH: auto; BACKGROUND-COLOR: rgb(255,127,127)">
<TBODY style="PADDING-BOTTOM: 0px; PADDING-TOP: 0px; PADDING-LEFT: 0px; MARGIN: 0px; PADDING-RIGHT: 0px">
<TR style="PADDING-BOTTOM: 0px; PADDING-TOP: 0px; PADDING-LEFT: 0px; MARGIN: 0px; PADDING-RIGHT: 0px">
<TD style="PADDING-BOTTOM: 0.5em; PADDING-TOP: 0.5em; PADDING-LEFT: 0.5em; MARGIN: 0px; PADDING-RIGHT: 0.5em">FTP-Server:</td>
<TD style="PADDING-BOTTOM: 0.5em; PADDING-TOP: 0.5em; PADDING-LEFT: 0.5em; MARGIN: 0px; PADDING-RIGHT: 0.5em">
<P>Offline</p>
<P> </p></td></tr></tbody></table></div>
<div class="links"><a href="comment/reply/7842/35746">reply</a> | <a href="subscription" title="View and print node as pdf."><img src="http://static.howtoforge.com/images/pdf.gif" border="0" alt="view as pdf" width="16" height="16"></a> <a href="subscription" title="View and print node as pdf.">view as pdf</a></div>
</div></div>
</div></form><!-- end content --> </div>
</td></tr></table>
<!-- end main content -->
<!-- BEGIN Sponsored Links-->
<div id="adtextlinka_flex" style="width:600px;height:0px;" align="center"><div id="adtextlinka" style="width:600px;height:0px;" align="center"></div></div>
<div id="adtextlinkb_flex" style="width:600px;height:0px;" align="center"><div id="adtextlinkb" style="width:600px;height:0px;" align="center"></div></div>
<div id="adtextlinkc_flex" style="width:600px;height:0px;" align="center"><div id="adtextlinkc" style="width:600px;height:0px;" align="center"></div></div>
<div id="adtextlinkd_flex" style="width:600px;height:0px;" align="center"><div id="adtextlinkd" style="width:600px;height:0px;" align="center"></div></div>
<div id="adleaderboardb_flex" style="width:728px;height:90px;" align="center"><div id="adleaderboardb" style="width:728px;height:90px;" align="center"></div></div>
<div id="adpreroll_flex" style="width:300px;height:0px;" align="center"><div id="adpreroll" style="width:300px;height:0px;" align="center"></div></div>
<!-- END Sponsored Links-->
</div><!-- main -->
</div>
</div>
</div>
<div class="clearing"></div>
<hr class="hide" />
<!-- START: FOOTER-->
<div id="footer" class="footer">
<p><center><a href="/">Howtos</a> | <a href="/mini-howtos">Mini-Howtos</a> | <a href="/forums">Forums</a> | <a href="http://lxer.com/" target="_blank">News</a> | <a href="/trip_search">Search</a> | <a href="/add_howto">Contribute</a> | <a href="/subscription">Subscription</a><br><a href="/sitemap">Site Map/RSS Feeds</a> | <a href="/advertise">Advertise</a> | <a href="/forums/sendmessage.php">Contact</a> | <a href="/disclaimer">Disclaimer</a> | <a href="/imprint">Imprint</a></center></p>
<p><center><img src="http://static.howtoforge.com/images/idg_footer_logo.gif" width="149" height="29" boder="0"><br><br><img src="http://static.howtoforge.com/images/premium_publisher_logo.jpg" width="186" height="164" border="0" alt=""></center></p>
<br /><div class="copyright-footer">Copyright © 2014 HowtoForge - Linux Howtos and Tutorials<br />All Rights Reserved.
</div> </div>
<!-- END: FOOTER -->
</div><!-- wrapper -->
</div><!-- outer_wrapper -->
<script type="text/javascript" src="http://static.howtoforge.com/js/htf.js"></script>
<script type="text/javascript" src="http://static.howtoforge.com/jquery/jquery-1.5.min.js"></script>
<script type="text/javascript" src="http://static.howtoforge.com/jquery/thickbox-compressed.js"></script>
<script type="text/javascript" src="http://static.howtoforge.com/jquery/jquery.watermark.min.js"></script>
<script type="text/javascript" src="http://static.howtoforge.com/jquery/jquery.tree-1.0.2.js"></script>
<script type="text/javascript">
jQuery('#keys').watermark('Search');
/*
var addthis_config = {"data_track_clickback":true};
var addthis_share =
{
templates: {
twitter: "{{title}}: {{url}} via @howtoforgecom"
}
}
*/
</script>
<!--<script type="text/javascript" src="http://static.howtoforge.com/js/addthis_widget-1.1.js"></script>-->
<script type="text/javascript" src="https://apis.google.com/js/plusone.js"></script>
<script type="text/javascript" src="http://connect.facebook.net/en_US/all.js#xfbml=1"></script>
<script type="text/javascript" src="http://platform.twitter.com/widgets.js"></script>
<script type="text/javascript">
<!--
var nodes = jQuery('#content div.node');
var rectangleb_code = '<div id="adrectangleb_flex" style="width:300px;height:250px;" align="center"><div id="adrectangleb" style="width:300px;height:250px;" align="center"></div></div><div id="adibm300x600_flex" style="width:300px;height:0px;" align="center"><div id="adibm300x600" style="width:300px;height:0px;" align="center"></div></div>';
var linkblock_code = '<div> </div><div id="adlinkblock" style="width:100%;height:15px;"></div>';
if(nodes.length == 1){
// Howtos
var p_tags = jQuery('#content div.node div.content p');
var p_total = p_tags.length;
if(p_total > 3){
var p_half = Math.round(p_total/2);
jQuery('#content div.node div.content p:eq(' + p_half + ')').before(rectangleb_code);
jQuery('#content div.node div.content>p:first').before(linkblock_code);
}
} else {
// Homepage / Kategorie-Seiten
var node_tags = jQuery('#content div.node');
var node_total = node_tags.length;
var node_half = Math.round(node_total/2);
jQuery('#content div.node:eq(' + node_half + ')').before(rectangleb_code);
}
//-->
</script>
<script type="text/javascript" src="http://static.howtoforge.com/jquery/postload-1.0.7.min.js"></script>
<script type='text/javascript' src='http://partner.googleadservices.com/gampad/google_service.js'>
</script>
<script type='text/javascript'>
GS_googleAddAdSenseService("ca-pub-3043223216276099");
GS_googleEnableAllServices();
</script>
<script language="JavaScript">
GA_googleAddAttr("Category", "CentOS");
GA_googleAddAttr("Category", "Debian");
GA_googleAddAttr("Category", "Fedora");
GA_googleAddAttr("Category", "ISPConfig");
GA_googleAddAttr("Category", "Linux");
GA_googleAddAttr("Category", "SuSE");
GA_googleAddAttr("Category", "Ubuntu");
GA_googleAddAttr("Category", "Web%20Server");
GA_googleAddAttr("Category", "Apache");
GA_googleAddAttr("Category", "Control%20Panels");
GA_googleAddAttr("Category", "Email");
GA_googleAddAttr("Category", "FTP");
GA_googleAddAttr("Category", "nginx");
GA_googleAddAttr("Category", "Postfix");
</script>
<script type='text/javascript'>
GA_googleAddSlot("ca-pub-3043223216276099", "howtoforge_com_article_leaderboard_a_728x90");
GA_googleAddSlot("ca-pub-3043223216276099", "howtoforge_com_article_rectangle_a_300x250");
GA_googleAddSlot("ca-pub-3043223216276099", "howtoforge_com_article_rectangle_b_300x250");
GA_googleAddSlot("ca-pub-3043223216276099", "howtoforge_com_article_halfpage_a_300x600");
GA_googleAddSlot("ca-pub-3043223216276099", "howtoforge_com_article_leaderboard_b_728x90");
GA_googleAddSlot("ca-pub-3043223216276099", "howtoforge_com_article_halfpage_b_300x600");
GA_googleAddSlot("ca-pub-3043223216276099", "howtoforge_com_textlink_a_600x50");
GA_googleAddSlot("ca-pub-3043223216276099", "howtoforge_com_textlink_b_600x50");
GA_googleAddSlot("ca-pub-3043223216276099", "howtoforge_com_textlink_c_600x50");
GA_googleAddSlot("ca-pub-3043223216276099", "howtoforge_com_textlink_d_600x50");
</script>
<script type='text/javascript'>
GA_googleFetchAds();
</script>
<div id="adlinkblock_hidden" class="banner" style="position:absolute;top:-1000px;left:-1000px;display:none;">
<script type="text/javascript">
<!--
document.write('<div style="margin-left:310px;">');
//-->
</script>
<!-- begin Link Block 468x15 -->
<script type="text/javascript"><!--
google_ad_client = "pub-3043223216276099";
/* Link Block 468x15 */
google_ad_slot = "1415480413";
google_ad_width = 468;
google_ad_height = 15;
//-->
</script>
<script type="text/javascript"
src="http://pagead2.googlesyndication.com/pagead/show_ads.js">
</script>
<!-- End Link Block 468x15 -->
<script type="text/javascript">
<!--
document.write('</div>');
//-->
</script>
</div>
<script type="text/javascript">
moveads('adlinkblock_hidden');
</script>
<div id="adleaderboard_hidden" class="banner" style="position:absolute;top:-1000px;left:-1000px;display:none;">
<!-- begin ad tag Leaderboard -->
<!-- howtoforge_com_article_leaderboard_a_728x90 -->
<script type='text/javascript'>
GA_googleFillSlot("howtoforge_com_article_leaderboard_a_728x90");
</script>
<!-- End ad tag Leaderboard -->
</div>
<script type="text/javascript">
moveads('adleaderboard_hidden');
</script>
<div id="adrectanglea_hidden" class="banner" style="position:absolute;top:-1000px;left:-1000px;display:none;">
<script type="text/javascript">
<!--
document.write('<div>');
//-->
</script>
<!-- begin ad tag Rectangle A -->
<!-- howtoforge_com_article_rectangle_a_300x250 -->
<script type='text/javascript'>
GA_googleFillSlot("howtoforge_com_article_rectangle_a_300x250");
</script>
<!-- End ad tag Rectangle A -->
<script type="text/javascript">
<!--
document.write('</div>');
//-->
</script>
</div>
<script type="text/javascript">
moveads('adrectanglea_hidden');
</script>
<div id="adrectangleb_hidden" class="banner" style="position:absolute;top:-1000px;left:-1000px;display:none;">
<!-- begin ad tag Rectangle B -->
<!-- howtoforge_com_article_rectangle_b_300x250 -->
<script type='text/javascript'>
GA_googleFillSlot("howtoforge_com_article_rectangle_b_300x250");
</script>
<!-- End ad tag Rectangle B -->
</div>
<script type="text/javascript">
moveads('adrectangleb_hidden');
</script>
<div id="adibm300x600_hidden" class="banner" style="position:absolute;top:-1000px;left:-1000px;display:none;">
<script type="text/javascript">
<!--
document.write('<div align="center" style="margin-top:5px;">');
//-->
</script>
<!-- begin ad tag IBM 300x600 -->
<!-- howtoforge_com_article_halfpage_a_300x600 -->
<script type='text/javascript'>
GA_googleFillSlot("howtoforge_com_article_halfpage_a_300x600");
</script>
<!-- End ad tag IBM 300x600 -->
<script type="text/javascript">
<!--
document.write('</div>');
//-->
</script>
</div>
<script type="text/javascript">
moveads('adibm300x600_hidden');
</script>
<div id="adtextlinka_hidden" class="banner" style="position:absolute;top:-1000px;left:-1000px;display:none;">
<!-- begin ad tag textlink a -->
<!-- howtoforge_com_textlink_a_600x50 -->
<script type='text/javascript'>
GA_googleFillSlot("howtoforge_com_textlink_a_600x50");
</script>
<!-- End ad tag textlink a -->
</div>
<script type="text/javascript">
moveads('adtextlinka_hidden');
</script>
<div id="adtextlinkb_hidden" class="banner" style="position:absolute;top:-1000px;left:-1000px;display:none;">
<!-- begin ad tag textlink b -->
<!-- howtoforge_com_textlink_b_600x50 -->
<script type='text/javascript'>
GA_googleFillSlot("howtoforge_com_textlink_b_600x50");
</script>
<!-- End ad tag textlink b -->
</div>
<script type="text/javascript">
moveads('adtextlinkb_hidden');
</script>
<div id="adtextlinkc_hidden" class="banner" style="position:absolute;top:-1000px;left:-1000px;display:none;">
<!-- begin ad tag textlink c -->
<!-- howtoforge_com_textlink_c_600x50 -->
<script type='text/javascript'>
GA_googleFillSlot("howtoforge_com_textlink_c_600x50");
</script>
<!-- End ad tag textlink c -->
</div>
<script type="text/javascript">
moveads('adtextlinkc_hidden');
</script>
<div id="adtextlinkd_hidden" class="banner" style="position:absolute;top:-1000px;left:-1000px;display:none;">
<!-- begin ad tag textlink d -->
<!-- howtoforge_com_textlink_d_600x50 -->
<script type='text/javascript'>
GA_googleFillSlot("howtoforge_com_textlink_d_600x50");
</script>
<!-- End ad tag textlink d -->
</div>
<script type="text/javascript">
moveads('adtextlinkd_hidden');
</script>
<div id="adleaderboardb_hidden" class="banner" style="position:absolute;top:-1000px;left:-1000px;display:none;">
<!-- begin ad tag Leaderboard B -->
<!-- howtoforge_com_article_leaderboard_b_728x90 -->
<script type='text/javascript'>
GA_googleFillSlot("howtoforge_com_article_leaderboard_b_728x90");
</script>
<!-- End ad tag Leaderboard B -->
</div>
<script type="text/javascript">
moveads('adleaderboardb_hidden');
</script>
<div id="adpreroll_hidden" class="banner" style="position:absolute;top:-1000px;left:-1000px;display:none;">
<script type="text/javascript">
<!--
document.write('<div align="center" style="margin-top:5px;">');
//-->
</script>
<!-- begin ad tag 300x600 -->
<!-- howtoforge_com_article_halfpage_b_300x600 -->
<script type='text/javascript'>
GA_googleFillSlot("howtoforge_com_article_halfpage_b_300x600");
</script>
<!-- End ad tag 300x600 -->
<script type="text/javascript">
<!--
document.write('</div>');
//-->
</script>
</div>
<script type="text/javascript">
moveads('adpreroll_hidden');
</script>
<script type="text/javascript">
var _gaq = _gaq || [];
_gaq.push(['_setAccount', 'UA-2155872-1']);
_gaq.push(['_trackPageview']);
(function() {
var ga = document.createElement('script'); ga.type = 'text/javascript'; ga.async = true;
ga.src = ('https:' == document.location.protocol ? 'https://ssl' : 'http://www') + '.google-analytics.com/ga.js';
var s = document.getElementsByTagName('script')[0]; s.parentNode.insertBefore(ga, s);
})();
</script>
</body>
</html>
<!-- Page cached by Boost at 2014-10-20 12:00:08, expires at 2014-10-20 13:00:08 -->