Patching POODLE in Forge in 2 easy steps

Posted on 18 October 2014

If you're using Forge to manage your server, here's a quick tip to patch the SSLv3 POODLE bug in 2 easy steps.

Step 1

Go to the Recipes section in your Forge dashboard and create a new recipe with the details below:

Name: Patch Poodle (or anything else you want to name it)

User: root


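# Write an http-level override that leaves SSLv3 out of the enabled protocols
printf 'ssl_protocols TLSv1 TLSv1.1 TLSv1.2;\n' > /etc/nginx/conf.d/ssl_protocols.conf
# Test the configuration first so a broken config never takes nginx down
nginx -t && service nginx restart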

Step 2

Click on the Play icon next to your recipe and run it across all your servers.

That's it. Done!

What's happening here?

Look at the contents of the /etc/nginx/nginx.conf file. At the bottom of the http block, you'll see the following:

include /etc/nginx/conf.d/*.conf;

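Every .conf file in the /etc/nginx/conf.d directory is included in the main file, inside the http block. The recipe writes a new ssl_protocols.conf there, so its ssl_protocols directive, which lists only TLSv1, TLSv1.1 and TLSv1.2 and leaves out SSLv3, becomes the http-level setting.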
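
To check that nothing else undoes the override, the following added example (not part of the original post or of Forge's recipe) scans an nginx config tree for any ssl_protocols directive that still lists SSLv3, since a directive inside a server block takes precedence over the http-level one. The function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: report every ssl_protocols directive under an nginx config
# tree that still enables SSLv3. Single-line directives only.

find_sslv3() {
    # $1 = config root, e.g. /etc/nginx. Prints "file:line: directive".
    find "$1" -type f -print | sort | while IFS= read -r f; do
        awk -v f="$f" '
            { line = $0; sub(/#.*/, "", line) }   # ignore comments
            line ~ /(^|[ \t;{])ssl_protocols[ \t]/ && line ~ /[ \t]SSLv3[ \t;]/ {
                gsub(/^[ \t]+|[ \t]+$/, "", line)
                printf "%s:%d: %s\n", f, NR, line
            }' "$f"
    done
}

count_sslv3() {
    find_sslv3 "$1" | wc -l | tr -d ' '
}

# Constructed sample tree (hypothetical file names): the recipe's override in
# conf.d plus one site whose server block re-enables SSLv3.
make_sample_tree() {
    d=$(mktemp -d)
    mkdir -p "$d/conf.d" "$d/sites-enabled"
    printf 'http {\n    include /etc/nginx/conf.d/*.conf;\n}\n' > "$d/nginx.conf"
    printf 'ssl_protocols TLSv1 TLSv1.1 TLSv1.2;\n' > "$d/conf.d/ssl_protocols.conf"
    printf 'server {\n    # ssl_protocols SSLv3;\n    ssl_protocols SSLv3 TLSv1;\n}\n' \
        > "$d/sites-enabled/legacy.example"
    printf '%s\n' "$d"
}

tree=$(make_sample_tree)
find_sslv3 "$tree"
echo "directives still enabling SSLv3: $(count_sslv3 "$tree")"
rm -rf "$tree"
```

On a server, run find_sslv3 /etc/nginx after the recipe; any line it prints is a directive that still needs its SSLv3 entry removed.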

Update: There is now an official recipe for Forge to patch POODLE. Different approach, same results.