POODLE Attack: Fix After Browser Update

TL;DR

Your browser update didn’t fully fix POODLE? This guide shows you how to disable SSLv3 and check your configuration. It’s a bit technical, but important for security.

What is POODLE?

POODLE (Padding Oracle On Downgraded Legacy Encryption) is an old vulnerability that allows attackers to decrypt secure web traffic. Modern browsers should be protected, but sometimes older settings remain enabled.

Step-by-step fix

Check if SSLv3 is still enabled in your browser. The easiest way depends on your browser:
- Chrome: Type chrome://flags into the address bar and search for ‘SSLv3’. If it’s enabled, disable it. Restart Chrome.
- Firefox: Type about:config into the address bar (accept the risk!). Search for ‘security.tls.version.min’. Make sure its value is at least 3 (for TLS 1.2) or higher. If it’s lower, change it to 3 and restart Firefox.
- Edge: Edge generally handles this automatically with updates but check the Internet Options settings as described in step 2.
Check Internet Options (Windows). This affects browsers built on the Windows engine (like older versions of Edge):
- Open Internet Options (search for it in the Start Menu).
- Go to the Advanced tab.
- Scroll down to the Security section.
- Uncheck “Use SSLv3”.
- Uncheck “Use TLS 1.0” if you are confident your sites support TLS 1.2 or higher (recommended).
- Click Apply and then OK. Restart your browser.
Test your SSL/TLS configuration. Use an online tool to verify:
- SSL Labs SSL Server Test: This is a comprehensive test.
- TestSSL.sh: A command-line tool (see step 4).
(Advanced) Use TestSSL.sh from the command line. If you’re comfortable with the command line:
```
testssl.sh --version
```
This will show you which SSL/TLS versions are supported by a server. Replace example.com with the website you want to test:
```
testssl.sh example.com
```
Look for lines indicating support for TLS 1.2 and higher, and *no* support for SSLv3.
Clear your browser cache. Sometimes old data can interfere with the new settings.
Restart your computer. A full restart ensures all changes are applied.

Important Notes

Disabling SSLv3 is generally safe, but very old websites might not work correctly.
Always keep your browser and operating system up to date for the latest security patches.
If you manage a website, ensure it supports TLS 1.2 or higher and disable SSLv3 on your server configuration.

TL;DR

What is POODLE?

Step-by-step fix

Important Notes

Something Fresh

Zip Codes & PII: Are They Personal Data?

ZeroNet: 51% Attack Risks & Mitigation

Zero Knowledge Voting with Trusted Server

What People Reading

Feedback and data-driven updates to Googles disclosure policy

Certificate Security in the Wild West

Security Insider Interview Series: John McArthur, Senior Product Manager, IP Intelligence; and Rupert Young, Senior Director Software Engineering, Data Compilation and Identity, Neustar

Mozilla Says Google's New Ad Tech - FLoC - Doesn't Protect User Privacy

This Week's TV: Felicia Day Plays a Hacker with a Dungeons and Dragons Tattoo

Categories

Partners

Just add here your partners image or promo text

POODLE Attack: Fix After Browser Update

TL;DR

What is POODLE?

Step-by-step fix

Important Notes

Related posts

Something Fresh

What People Reading

Categories

Partners

Just add here your partners image or promo text