Nginx sslv3 poodle disable

Here is a good Tutorial how to configure nginx with the best settings.

https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html

Your configuration for SSLv3 is correct.

ssl_protocols TLSv1 TLSv1.1 TLSv1.2;

In the post is a section for your ciphers.

ssl_ciphers 'AES256+EECDH:AES256+EDH';

I had set my ssl_protocols correctly and could not get it to disable SSLv3, according to https://www.tinfoilsecurity.co... or ssllabs.com 's tests. Eventually I discovered

https://disablessl3.com/#test which mentions trying:

openssl s_client -connect <hostname:443> -ssl3

as the command to test it with. When I did that, I discovered that nginx was using another virtualhost's SSL cert for the initial handshake, rather than the one set up in this specific virtualhost. Once I added in the ssl_protocols line in all virtualhosts that use SSL, it suddenly started working.

Great i fix it! This is my config

ssl on;
ssl_ciphers 'AES256+EECDH:AES256+EDH::!EECDH+aRSA+RC4:!RC4:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS';
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_session_cache shared:SSL:10m;

ssl_stapling on;
ssl_stapling_verify on;
resolver 8.8.4.4 8.8.8.8 valid=300s;
resolver_timeout 10s;

ssl_prefer_server_ciphers on;

add_header Strict-Transport-Security max-age=63072000;
add_header X-Frame-Options DENY;
add_header X-Content-Type-Options nosniff;

My grade: