How to Fix the SSL 3.0 Poodle Vulnerability

I got an email from Stripe payments to let me know that a recent credit card transaction on my site had used the SSL 3.0 protocol on my server and that this was possibly insecure due to the recent “Poodle” vulnerability. They said that they would be removing support for SSL 3.0 in Stripe soon and that my existing credit card forms would no longer work.

The fix is server-side: disable the SSL 3.0 protocol on your server so that clients negotiate TLS instead. Every modern web server supports TLS, but many still accept SSL 3.0 unless you explicitly turn it off. Contact your host if you are on a shared server. If you're on a VPS like me you can do this yourself in WHM/Cpanel as below:

  1. Go to WHM => Service Configuration => Apache Configuration => Include Editor => Pre Main Include.
  2. Select a version or All Versions.
  3. Add the following in the text box that appears:

     SSLHonorCipherOrder On
     SSLProtocol ALL -SSLv2 -SSLv3
  4. Press the Update button and then “Restart Apache”.
(Screenshot: SSL 3.0 Poodle)

How To Add an SPF Record in Cpanel

Spent quite a bit of time Googling around for an answer to this but couldn't find an article that described it properly anywhere. I was having a bit of trouble with "undelivered mail" email spam, i.e. spammers were forging my domain as the sender of their emails, and when the recipient address did not exist the bounce came back to me. An SPF record lists which servers are allowed to send email for your domain, so receiving mail servers can reject or flag messages that forge it, and it also helps keep your legitimate emails out of other people's spam folders.

I Googled how to set up an SPF record manually in WHM but found conflicting results on the correct syntax to use, but then I realised that there's an actual automated tool inside Cpanel! If you go to "Email Authentication" under "Mail" in your site's Cpanel (see below) and "Enable" SPF, you can then customise it slightly for your situation and the resulting SPF record will be added automatically to your DNS zone:

(Screenshot: Email Authentication)

Once SPF is enabled, it generates a record that authorises your server's own IP address (plus, by default, the hosts in your domain's A and MX records), but you can add server or domain details for other services that send email from your domain. For example I use Google Apps email and have switched all my email to them from my own domain via DNS, so Google's sending servers must be included. The screenshot below shows the "Include" setup for me:

(Screenshot: Include)

Finally, here’s my full SPF record, added automatically to my DNS zone via the above process:

[php]reverbstudios.ie. 14400 IN TXT "v=spf1 +a +mx +ip4:212.126.36.48 +include:_spf.google.com +include:reverbstudios.ie ~all"[/php]

You can test your new SPF record HERE once the DNS change has propagated.
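Two things are worth knowing about the record above before you copy it. Every `+` is redundant, because `+` (pass) is already the default qualifier. More importantly, `include:reverbstudios.ie` makes the record include itself. A sender matching `a`, `mx`, the `ip4` or the Google include never reaches that term, so legitimate mail still passes, but a forged sender walks the loop until it exceeds the RFC 7208 limit of 10 DNS-querying mechanisms and gets permerror rather than the softfail that `~all` intends, and many receivers treat permerror as "no usable policy". The evaluator below is an added example of mine, not cPanel's or any SPF library's code: it implements enough of RFC 7208 check_host() (a, mx, ip4, include, all, the four qualifiers and the lookup limit) to evaluate the post's record against a constructed, offline zone table. The MX host, the Google include chain and all addresses other than the post's own 212.126.36.48 are constructed stand-ins in documentation address space, not Google's real ranges, and `FIXED_ZONE` is my suggested corrected record.

```python
import ipaddress

# Constructed zone data for this example, not live DNS. The reverbstudios.ie TXT
# record is the one from the post; the MX host and the _spf.google.com chain are
# simplified stand-ins using documentation address space, not Google's real ranges.
ZONE = {
    "reverbstudios.ie": {
        "TXT": ["v=spf1 +a +mx +ip4:212.126.36.48 +include:_spf.google.com "
                "+include:reverbstudios.ie ~all"],
        "A": ["212.126.36.48"],
        "MX": ["aspmx.l.google.com"],
    },
    "aspmx.l.google.com": {"A": ["203.0.113.10"]},
    "_spf.google.com": {"TXT": ["v=spf1 include:_netblocks.google.com ~all"]},
    "_netblocks.google.com": {"TXT": ["v=spf1 ip4:203.0.113.0/24 ~all"]},
}

# Same zone with the self-include and the redundant "+" qualifiers removed (my suggestion).
FIXED_ZONE = dict(ZONE)
FIXED_ZONE["reverbstudios.ie"] = dict(
    ZONE["reverbstudios.ie"],
    TXT=["v=spf1 a mx ip4:212.126.36.48 include:_spf.google.com ~all"],
)

MAX_LOOKUPS = 10  # RFC 7208 section 4.6.4: a, mx, include, ptr, exists and redirect all count
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


class PermError(Exception):
    """Raised when the record cannot be evaluated (RFC 7208 result: permerror)."""


def spf_terms(zone, domain):
    """Return the terms of the domain's single SPF record, or raise PermError."""
    recs = [t for t in zone.get(domain, {}).get("TXT", []) if t.split()[0].lower() == "v=spf1"]
    if len(recs) != 1:
        raise PermError(f"{domain}: {len(recs)} SPF records")
    return recs[0].split()[1:]


def ip_in(ip, target):
    """True if ip lies within target, which may be a bare address or a CIDR block."""
    return ipaddress.ip_address(ip) in ipaddress.ip_network(target, strict=False)


def check_host(ip, domain, zone=ZONE):
    """Simplified RFC 7208 check_host(): evaluate terms left to right, first match wins."""
    lookups = 0

    def count():
        nonlocal lookups
        lookups += 1
        if lookups > MAX_LOOKUPS:
            raise PermError("too many DNS lookups")

    def evaluate(domain):
        for term in spf_terms(zone, domain):
            qual, mech = (term[0], term[1:]) if term[0] in QUALIFIERS else ("+", term)
            name, _, arg = mech.lower().partition(":")
            if name == "all":
                matched = True
            elif name == "ip4":
                matched = ip_in(ip, arg)
            elif name == "a":
                count()
                matched = any(ip_in(ip, a) for a in zone.get(arg or domain, {}).get("A", []))
            elif name == "mx":
                count()
                hosts = zone.get(arg or domain, {}).get("MX", [])
                matched = any(ip_in(ip, a) for h in hosts for a in zone.get(h, {}).get("A", []))
            elif name == "include":
                count()
                matched = evaluate(arg) == "pass"   # only a "pass" from the included record matches
            else:
                raise PermError(f"unsupported mechanism {name}")
            if matched:
                return QUALIFIERS[qual]
        return "neutral"   # ran off the end of the record without a match

    try:
        return evaluate(domain)
    except PermError:
        return "permerror"


if __name__ == "__main__":
    for sender in ("212.126.36.48", "203.0.113.50", "198.51.100.7"):
        print(sender, "original:", check_host(sender, "reverbstudios.ie"),
              " fixed:", check_host(sender, "reverbstudios.ie", FIXED_ZONE))
```

With the original record the server's own address and a (constructed) Google address both pass within a few lookups, while an unrelated address recurses through the self-include until the lookup counter passes 10 and the result is permerror. With the corrected record the same unrelated address gets the intended softfail, and the two legitimate senders still pass.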

Leon