Close

This site uses cookies. You can read how we use them in our privacy policy.

   

SSL 3.0 Vulnerability Discovered. Read How To Protect Your Browser

Published by Adam G. on October 17, 2014 | Leave a response

Another week, another serious vulnerability discovered. This time Google has discovered an exploit in SSL 3.0 protocol, named POODLE (Padding Oracle On Downgraded Legacy Encryption), that allows an attacker to calculate the plain text of secure connections. Apparently the bug has been present since 1996, when SSL was originally released by Netscape. Although SSL was replaced by TLS and other newer protocols, all modern browsers still support SSL. The problem is that SSL 3.0 is used as a fallback mechanism when newer protocols can’t work on certain HTTPS sites. This is where an attacker can take advantage of the bug.

Google is about to release an updated Google Chrome version with the SSL 3.0 fallback disabled. As a result, some websites still using this protocol will no longer work and will have to be updated. In the coming months, Chrome will discard SSL 3.0 support completely.

How to protect your internet browser

First, check if your browser supports SSL 3.0.

If you are using Google Chrome, it’s best to wait for an update. The update should not take long to be released.

If you use Mozilla Firefox, you can disable SSL 3.0 yourself:

  1. Open Mozilla Firefox
  2. Type “about:config” in the address bar
  3. Accept the warning (usually it’s a button named “I’ll be careful, I promise!“)
  4. Search for “security.tls.version.min” and double-click on it
  5. Enter “1” as a value, click OK
  6. Restart your browser

If your primary browser is Internet Explorer, you will have to use Harden SSL/TLS tool (you can read official documentation here) to make sure SSL is never used by the browser.

  1. Download Harden SSL/TLS tool
  2. Extract the downloaded .zip file to your Desktop
  3. Launch “sslharden.exe” (Windows may not have the required .NET Framework 3.5. In that case, it should automatically download it for you)
  4. Under protocols find SSL 3.0 and double-click on it to disable the protocol:
    Harden SSL/TLS tool
  5. Close the app. It will tell you indicating the successful addition to the Windows Registry.

Opera and Safari users should wait for their browser’s update.

Article written by Adam G.

Adam is a computer security enthusiast, web developer and Windows/Linux geek. Loves metal music, chess and Starbucks.

Please comment with your real name using good manners.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.