To update VirtualHosts (for example, to remove the availability of SSLv3), you will need to first GET the existing configuration from Management API. Then, you can edit and POST it back to the Management API.
For this example, we are using XML, but you could easily modify this if you prefer JSON.
First, GET the existing configuration:
curl -u $USERID:$PASSWORD -X GET "http://MANAGEMENT_HOST:MANAGEMENT_PORT/v1/o/ORG/e/ENV/virtualhosts/secure" -H "Accept: application/xml"
Then, save the XML to a file (for example, "/tmp/ORG-ENV-secure.xml") to specify only the TLSv1 Protocol. Below is a sample:
<?xml version="1.0" encoding="UTF-8" standalone="yes"?> <VirtualHost name="secure"> <HostAliases> <HostAlias>myorg.test.com</HostAlias> </HostAliases> <Interfaces/> <Port>443</Port> <SSLInfo> <Ciphers/> <ClientAuthEnabled>false</ClientAuthEnabled> <Enabled>true</Enabled> <IgnoreValidationErrors>false</IgnoreValidationErrors> <KeyAlias>freetrial</KeyAlias> <KeyStore>freetrial</KeyStore> <Protocols> <Protocol>TLSv1</Protocol> </Protocols> </SSLInfo> </VirtualHost>
Then, POST the XML back to the Management API:
curl -u $USERID:$PASSWORD -X POST http://MANAGEMENT_HOST:MANAGEMENT_PORT/v1/o/ORG/e/ENV/virtualhosts/secure -H "content-type: application/xml" -d @/tmp/ORG-ENV-secure.xml
Repeat the first command after the POST, to ensure the configuration has been updated.
@Alex Toombs Is there any impact to the system if we disable the any protocols on relevant hosts?