SSL 3.0 を無効に設定する方法(POODLE対応) apache+mod_ssl, nginx

SSL 3.0の脆弱性 CVE-2014-3566 aka POODLE の対応でSSL v3を無効にする必要あり

• http://www.itmedia.co.jp/news/articles/1410/15/news054.html
• http://googleonlinesecurity.blogspot.jp/2014/10/this-poodle-bites-exploiting-ssl-30.html
• https://blog.mozilla.org/security/2014/10/14/the-poodle-attack-and-the-end-of-ssl-3-0/
• https://www.openssl.org/~bodo/ssl-poodle.pdf

Apache httpd + mod_sslなら
http://httpd.apache.org/docs/2.2/mod/mod_ssl.html#sslprotocol
SSLProtocol All -SSLv2 -SSLv3
httpd2.4からは SSLv2は元から無効なので All -SSLv3でOK http://httpd.apache.org/docs/2.4/mod/mod_ssl.html#sslprotocol

nginxなら
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
http://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_protocols