On October 14, 2014 Google has discovered a vulnerability in SSL V3.0 called POODLE that allows an attacker to capture encrypted data in plain text using man-in-the-middle attack. To protect your browser from the bug, you should disable SSL V3.0 support in your browser. Follow the instructions below to accomplish that.
- Type “about:config” in your address bar.
- A warning message may show up, click on the button “I’ll be careful, I promise”.
- Type “security.tls.version.min” in the search box.
- Double click on the first result and change the value from 0 to 1.
- Restart Firefox.
Chrome doesn’t have direct option in its GUI to disable SSL V3.0, but fortunately there is another way.
- Right click on chrome shortcut and click properties.
- Under the general tab, put the following in the target box “--ssl-version-min=tls1”.
- Save and restart Chrome.
- Open settings, internet options.
- Click on the Advanced tab.
- Scroll down until you find “Use SSL 3.0” under the security category.
- Uncheck it. Apply settings and restart IE.
To check if SSL V3.0 was removed correctly from your browser, visit this link https://zmap.io/sslv3/
If your browser still supports SSL V3.0, you'll see a warning message in red. Otherwise, you are safe.
To secure your servers against the POODLE vulnerability click here.