The article below explains how to disable SSL 3.0. If you would rather have CWCS Support do this for you and you are not a managed customer, please order a 30 minute special request.
Apache Servers (including Plesk servers not running nginx)
To disable SSL 3.0 in Apache, you need to find the SSLProtocol directive in the Apache configuration (e.g. /etc/httpd/conf.d/ssl.conf by default on CentOS, or /etc/apache2/mods-enabled/ssl.conf on Debian/Ubuntu), and change it to the following:
SSLProtocol All -SSLv2 -SSLv3
cPanel/WHM
On cPanel servers, you can go to Service Configuration->Apache Configuration->Include Editor->Pre Main Include in WHM, select All Versions in the Select an Apache Version drop-down menu, and add the SSLProtocol directive there.
Then reload either the httpd (CentOS) or apache2 (Debian/Ubuntu) service, e.g.:
service httpd reload
Plesk running nginx
On Plesk servers running nginx, it's slightly trickier as the ssl_protocols directive appears in every vhost's configuration. You can check if nginx is enabled by seeing if it is running in the Services Management section of the control panel. To disable nginx, stop the service.
Edit the template /usr/local/psa/admin/conf/templates/default/domain/nginxDomainVirtualHost.php. Find the ssl_protcols directive and change it to the following:
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
Make the same change in /usr/local/psa/admin/conf/templates/default/nginxWebmailPartial.php and /usr/local/psa/admin/conf/templates/default/server/nginxVhosts.php if they exist, then apply the change to all vhosts by running:
plesk sbin httpdmng --reconfigure-all
You can verify whether SSL 3.0 is enabled using openssl, e.g.:
openssl s_client -connect www.yourdomain.dom:443 -ssl3
The above command will attempt to connect to www.yourdomain.dom using SSL 3.0. If this has been disabled successfully, the output should look something like this:
CONNECTED(00000003)
139879594837664:error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure:s3_pkt.c:1260:SSL alert number 40
139879594837664:error:1409E0E5:SSL routines:SSL3_WRITE_BYTES:ssl handshake failure:s3_pkt.c:596:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 7 bytes and written 0 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
SSL-Session:
Protocol : SSLv3
Cipher : 0000
Session-ID:
Session-ID-ctx:
Master-Key:
Key-Arg : None
PSK identity: None
PSK identity hint: None
SRP username: None
Start Time: 1413390818
Timeout : 7200 (sec)
Verify return code: 0 (ok)
---
(Look for "handshake failure" on the second and third lines)