SSL 3.0 is an obsolete and insecure protocol, recently affected by the POODLE (Padding Oracle On Downgraded Legacy Encryption) vulnerability, which allows a man-in-the-middle attacker to decrypt ciphertext using a padding oracle side-channel attack.
SSLv3 has been replaced by TLS, which is supported by all modern browsers, so it should be safe to disable SSLv3.
Here’s how to identify sites supporting SSLv3 and disable it.
grep -r ssl_protocol /etc/nginx
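This lists every ssl_protocols directive under /etc/nginx. Lines that include SSLv3 identify the sites currently supporting it; a line starting with # is commented out and is not in effect: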
/etc/nginx/sites-available/default:# ssl_protocols SSLv3 TLSv1;
/etc/nginx/sites-enabled/mysite.com: ssl_protocols SSLv3 TLSv1;
Open each file in a text editor. (Example: vi /etc/nginx/sites-available/default)
Replace this line:
ssl_protocols SSLv3 TLSv1;
with:
ssl_protocols TLSv1.2 TLSv1.1 TLSv1;
Then restart nginx to apply the change:
/etc/init.d/nginx restart
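
To confirm that no file was missed, the check below lists only the active ssl_protocols directives that still name SSLv3, skipping commented lines such as the one in sites-available/default above. It is an added example, not part of the original post; the function names and the sample tree are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original page.
# Print file:line:text for every ACTIVE ssl_protocols directive naming SSLv3.
# Commented-out directives are skipped; directives split across several
# lines are not handled. Usage: find_active_sslv3 [config_dir]
find_active_sslv3() {
    dir="${1:-/etc/nginx}"
    # -L follows symlinks, so linked files in sites-enabled are scanned too
    # (a file reachable by two paths is reported twice).
    find -L "$dir" -type f -exec awk '
        {
            line = $0
            sub(/#.*/, "", line)   # drop comments before matching
            if (line ~ /(^|[ \t;{])ssl_protocols[ \t]/ &&
                line ~ /[ \t]SSLv3([ \t;]|$)/)
                printf "%s:%d:%s\n", FILENAME, FNR, $0
        }' {} +
}

# Exit status 0 when no active directive enables SSLv3, non-zero otherwise.
sslv3_disabled() {
    [ -z "$(find_active_sslv3 "$1")" ]
}

# Constructed sample tree mirroring the grep output shown above.
make_sample() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/sites-available" "$d/sites-enabled"
    printf '%s\n' 'server {' '    # ssl_protocols SSLv3 TLSv1;' '}' \
        > "$d/sites-available/default"
    printf '%s\n' 'server {' '    ssl_protocols SSLv3 TLSv1;' '}' \
        > "$d/sites-enabled/mysite.com"
    printf '%s\n' "$d"
}

# Demo on the constructed sample: only sites-enabled/mysite.com is reported.
sample=$(make_sample)
find_active_sslv3 "$sample"
rm -rf "$sample"
```

On a real server, run `sslv3_disabled /etc/nginx` after editing; a non-zero exit status means an active directive still enables SSLv3.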