Hi I have Elastic Load Balancer on which I've deployed my ssl certificates and when i check on the web it say site is vulnerable because of SSLv3 is enabled on the site. So my question is What exactly needs to be done in my environment so that it stops reporting about POODLE Vulnerablity.
I do know that i need to make changes in
/etc/httpd/conf.d/ssl.conf on line "SSLProtocol All -SSLv2 -SSLv3"
I would highly appreciate any comment from experts.
Thank you.
Change the Elastic Load Balancer's SSL Security Policy to ELBSecurityPolicy-2014-10 or later, or remove SSLv3 from your custom security policy.