Thursday, October 23, 2014

fixing poodle vulnerabilities on cpanel services

This guide shows how to disable SSLv2 and SSLv3 support on cPanel services.

Edit /var/cpanel/conf/cpsrvd/ssl_socket_args so that it contains:
SSL_cipher_list=ALL:!ADH:+HIGH:+MEDIUM:-LOW:-SSLv2:-EXP
SSL_version=TLSv1

#SSLProtocol ALL -SSLv2 -SSLv3

Restart the service:
/etc/init.d/cpanel restart

Test that SSLv3 is now refused:
openssl s_client -connect example.com:2087 -ssl3

You should get a handshake error:
CONNECTED(00000003)
44604:error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure:/SourceCache/OpenSSL098/OpenSSL098-52/src/ssl/s3_pkt.c:1125:SSL alert number 40
44604:error:1409E0E5:SSL routines:SSL3_WRITE_BYTES:ssl handshake failure:/SourceCache/OpenSSL098/OpenSSL098-52/src/ssl/s3_pkt.c:546:

Then check that TLSv1 still connects:
openssl s_client -connect example.com:2087 -tls1

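Note:
Do not add -SSLv3 to SSL_cipher_list. In an OpenSSL cipher string, SSLv3 names the cipher suites defined for SSLv3, and TLSv1 uses those same suites, so removing them disables TLS as well. Disable the protocol with SSL_version instead.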
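
A small lint for the two rules above (protocol restricted through SSL_version, no -SSLv3 in the cipher list). This is an added example, not cPanel's own tooling: the function names and sample files are hypothetical, and it assumes one KEY=VALUE pair per line as in the snippet above.

```shell
#!/bin/sh
# Added example: lint an ssl_socket_args-style file against the two rules on this page.
# Assumption: one KEY=VALUE pair per line, as in the snippet above.

# Print the value of KEY ($2) in FILE ($1); the last uncommented occurrence wins.
get_arg() {
    sed -n "s/^[[:space:]]*$2=//p" "$1" | tail -n 1
}

# Return 0 if FILE ($1) passes both checks, 1 otherwise; print one line per finding.
audit_ssl_socket_args() {
    rc=0
    version=$(get_arg "$1" SSL_version)
    ciphers=$(get_arg "$1" SSL_cipher_list)
    [ -n "$version" ] || { echo "FAIL: SSL_version is not set"; rc=1; }
    old_ifs=$IFS; IFS=:; set -f            # split on ':' without globbing
    for tok in $version; do
        case $tok in
            TLSv1*|'!'*) ;;                # TLS versions and exclusions are fine
            *) echo "FAIL: SSL_version token '$tok' is not a TLS version"; rc=1 ;;
        esac
    done
    for tok in $ciphers; do
        case $tok in
            -SSLv3|'!SSLv3')               # the pitfall from the note
                echo "FAIL: SSL_cipher_list has '$tok', which also drops the TLSv1 ciphers"; rc=1 ;;
        esac
    done
    set +f; IFS=$old_ifs
    return $rc
}

# Constructed sample files: the page's settings, and a variant with both mistakes.
write_samples() {
    printf '%s\n' 'SSL_cipher_list=ALL:!ADH:+HIGH:+MEDIUM:-LOW:-SSLv2:-EXP' \
        'SSL_version=TLSv1' > "$1/good.conf"
    printf '%s\n' 'SSL_cipher_list=ALL:!ADH:-SSLv2:-SSLv3:-EXP' \
        'SSL_version=SSLv23' > "$1/bad.conf"
}

# Run the audit on both constructed samples and report the outcome.
demo() {
    dir=$(mktemp -d) && write_samples "$dir"
    for f in good bad; do
        audit_ssl_socket_args "$dir/$f.conf" && echo "$f.conf: OK" || echo "$f.conf: needs fixing"
    done
    rm -rf "$dir"
}
demo
```

The SSL_version check is deliberately strict: any token that is not a TLS version or a "!" exclusion is reported, so review such findings by hand. A passing lint does not replace the openssl s_client tests above.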

Tuesday, October 21, 2014

laravel saving child model

Took me hours to finally figure this out.

With a has_many child relationship, calling the relation as a method seems to return the association / query builder,
but accessing it as an attribute seems to return the collection.

So to save the child record, call the method:

$object->childs()->save($child);

To get the collection of childs, use the attribute:

foreach ($object->childs as $child) { /* $child is one child model from the collection */ }