From f8953f71c0bd838c72aa91be4fbabf7dae148da6 Mon Sep 17 00:00:00 2001
From: Tim Skirvin
Date: Wed, 15 Oct 2014 13:38:02 -0500
Subject: [PATCH] Turning off SSLv3 by default, re: CVE-2014-3566 (POODLE SSL vuln.)
---
 README.md | 2 +-
 templates/mod/ssl.conf.erb | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/README.md b/README.md
index 560545b98..edcef14d1 100644
--- a/README.md
+++ b/README.md
@@ -1781,7 +1781,7 @@ Specifies the SSL certification. Defaults are based on your OS: '/etc/pki/tls/ce
 Specifies [SSLProtocol](http://httpd.apache.org/docs/current/mod/mod_ssl.html#sslprotocol). Defaults to 'undef'.
-If you do not use this parameter, it uses the HTTPD default from ssl.conf.erb, 'all -SSLv2'.
+If you do not use this parameter, it uses the HTTPD default from ssl.conf.erb, 'all -SSLv2 -SSLv3'.
 #####`ssl_cipher`
diff --git a/templates/mod/ssl.conf.erb b/templates/mod/ssl.conf.erb
index 24274050c..35ec92afd 100644
--- a/templates/mod/ssl.conf.erb
+++ b/templates/mod/ssl.conf.erb
@@ -21,7 +21,7 @@
 SSLCryptoDevice builtin
 SSLHonorCipherOrder On
 SSLCipherSuite <%= @ssl_cipher %>
- SSLProtocol all -SSLv2
+ SSLProtocol all -SSLv2 -SSLv3
 <% if @ssl_options -%>
 SSLOptions <%= @ssl_options.compact.join(' ') %>
 <% end -%>
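Review bot: The new `SSLProtocol all -SSLv2 -SSLv3` line in templates/mod/ssl.conf.erb is still a hard-coded literal, while the `SSLCipherSuite <%= @ssl_cipher %>` line directly above it is driven by a parameter, so a site cannot tighten or audit the server-wide protocol list without patching the template. Consider exposing it the same way, e.g. `SSLProtocol <%= @ssl_protocol %>` with a class parameter defaulting to `all -SSLv2 -SSLv3` (the parameter name is a suggestion; the manifest is not part of this diff). Going by the README text changed in this commit, a vhost that sets its own `ssl_protocol` does not fall back to this default, so existing overrides such as `all -SSLv2` would presumably still offer SSLv3 and need to be checked separately for CVE-2014-3566. The diffstat lists no spec change; an assertion that the rendered ssl.conf contains `-SSLv3` would keep the default from regressing. The enclosing configuration block starts and ends outside the hunk.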