(2014-10-15)
Testing for POODLE:
[root@voyager conf.d]# curl -v3 -X HEAD https://wiki.xdroop.com
* About to connect() to wiki.xdroop.com port 443 (#0)
* Trying 207.107.149.132... connected
* Connected to wiki.xdroop.com (207.107.149.132) port 443 (#0)
* Initializing NSS with certpath: sql:/etc/pki/nssdb
* CAfile: /etc/pki/tls/certs/ca-bundle.crt
CApath: none
* NSS error -12286
* Closing connection #0
* SSL connect error
curl: (35) SSL connect error
If you are vulnerable, you should see normal connection output, including the line:
* SSL 3.0 connection using SSL_NULL_WITH_NULL_NULL
If you don't get an SSL connection error, your server is accepting SSLv3.
To fix: In /etc/httpd/conf.d/ssl.conf, adjust:
# SSL Protocol support:
# List the enable protocol levels with which clients will be able to
# connect. Disable SSLv2 access by default:
SSLProtocol all -SSLv2 -SSLv3
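
To re-check a server after the change from a client whose curl cannot speak SSLv3, the following Python script (an added example, not part of the original note) sends a bare SSLv3 ClientHello and classifies the first reply. The function names, the cipher suite list and the verdict strings are choices made for this example.

```python
import os
import socket
import struct

SSL3 = b"\x03\x00"
# Suites offered (example choice): RSA AES128/AES256/3DES CBC-SHA, RC4-SHA, RC4-MD5.
SUITES = b"\x00\x2f\x00\x35\x00\x0a\x00\x05\x00\x04"

def build_client_hello():
    """Return one SSLv3 record holding a ClientHello with no extensions."""
    body = (SSL3 + os.urandom(32) + b"\x00"           # version, random, empty session id
            + struct.pack("!H", len(SUITES)) + SUITES
            + b"\x01\x00")                            # one compression method: null
    handshake = b"\x01" + struct.pack("!I", len(body))[1:] + body
    return b"\x16" + SSL3 + struct.pack("!H", len(handshake)) + handshake

def classify(reply):
    """Map the first bytes of the server's reply to a verdict string."""
    if reply[:1] == b"\x15":                          # alert record
        return "rejected (alert)"
    if len(reply) < 11:
        return "rejected (no handshake reply)"
    if reply[0] == 0x16 and reply[5] == 0x02:
        # ServerHello: bytes 9-10 carry the version the server selected.
        return "accepts SSLv3" if reply[9:11] == SSL3 else "answered with another version"
    return "unrecognised reply"

def probe(host, port=443, timeout=5.0):
    """Connect, send the ClientHello and classify what comes back."""
    reply = b""
    with socket.create_connection((host, port), timeout=timeout) as s:
        try:
            s.sendall(build_client_hello())
            while len(reply) < 11 and reply[:1] != b"\x15":
                chunk = s.recv(64)
                if not chunk:
                    break
                reply += chunk
        except OSError:
            pass                                      # reset or timeout: classify what arrived
    return classify(reply)

if __name__ == "__main__":
    import sys
    print(probe(sys.argv[1]))
```

Run it with the hostname as the only argument; any verdict beginning with "rejected" corresponds to the SSL connect error in the curl test above.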