Disable SSLv2 in Apache (httpd)

SSLv2 is no longer used standard for years, and is usually installed to support for legacy products only. However, it can also pose a significant security risk, so we strongly recommend to disable it.

This article will walk you through disabling SSLv2 and enabling SSLv3 or TLSv1 in Apache.

Connect via SSH using an application such as Putty

Using an editor (nano, vi, pico) edit /etc/httpd/conf.d/ssl.conf

Find SSLProtocol and set as SSLProtocol -ALL +SSLv3 +TLSv1

Save the file Restart Apache; "service httpd restart"

Execute this command and make sure you get an error
openssl s_client –ssl2 –connect localhost:443

Execute this command which should connect successfully
openssl s_client –ssl3 –connect localhost:443