Time to Switch off SSLv3

You probably have heard of the SSL 3.0 vulnerability aka Poodle. So if you haven’t or if you have and haven’t done anything about it, it’s definitely time to switch it off.

I simply went though my browsers and turned it of, as nowadays it should not be used anymore. To check if your browser is vulnerable, just check out the Poddle Test. If it does look like below, follow the instructions to make it look different.

Poodle TestFirefox

In Firefox you simply type in

about:config

in the address bar of the browser. In the configurations settings you now need to set the value for security.tls.version.min to 1.

Firefox TLS 1Once done, you should be safe, I was told. However, using Firefox ESR 31.1.1, the Poodle Test above still indicates vulnerability.

However, with version 32.0.3 on Mac OS X, setting the minimum TLS version works as a charme.

Poodle TestInternet Explorer

For IE, you should check out Microsoft Security Advisory 3009008 giving a workaround how to turn SSL 3.0 off.

Tools / Internet Options / Advanced got ot the Security category and uncheck Use SSL 3.0 and check Use TLS 1.0, Use TLS 1.1, and Use TLS 1.2.

IE TLS SettingsAgain this should at least give you the feeling of security.

Leave a Reply