How to protect against SSL 3.0 vulnerability

Check your server
Qualys SSL Test
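A local alternative to the online server test, added here as an example (it is not from the original post or from Qualys): it sends a raw SSL 3.0 ClientHello to a server you operate and reports whether the server answers with an SSL 3.0 ServerHello. The function names, result strings and offered cipher list are assumptions of this example.

```python
import os
import socket
import struct

SSL3 = b"\x03\x00"  # wire encoding of protocol version 3.0 (SSL 3.0)

def build_client_hello():
    """Return one SSL 3.0 record carrying a minimal ClientHello."""
    # Assumed cipher list: RSA with AES128-SHA, AES256-SHA, 3DES-SHA, RC4-SHA.
    ciphers = struct.pack(">4H", 0x002F, 0x0035, 0x000A, 0x0005)
    body = (SSL3 + os.urandom(32)                  # client_version, random
            + b"\x00"                              # empty session id
            + struct.pack(">H", len(ciphers)) + ciphers
            + b"\x01\x00")                         # one compression method: null
    # Handshake header: type 1 (ClientHello) and a 24-bit length.
    handshake = b"\x01" + struct.pack(">I", len(body))[1:] + body
    # Record header: type 22 (handshake), version, 16-bit length.
    return b"\x16" + SSL3 + struct.pack(">H", len(handshake)) + handshake

def classify_response(data):
    """Interpret the first six bytes the server sends after the ClientHello."""
    if len(data) < 6:
        return "refused"                           # closed or reset, no record
    if data[0] == 0x15:
        return "refused"                           # alert record
    if data[0] == 0x16 and data[5] == 0x02:        # handshake record, ServerHello
        return "sslv3-enabled" if data[1:3] == SSL3 else "unexpected"
    return "unexpected"

def probe(host, port=443, timeout=5.0):
    """Send the ClientHello to a server you operate and classify the reply."""
    data = b""
    with socket.create_connection((host, port), timeout=timeout) as s:
        try:
            s.sendall(build_client_hello())
            while len(data) < 6:                   # record header + handshake type
                chunk = s.recv(6 - len(data))
                if not chunk:
                    break
                data += chunk
        except ConnectionError:
            data = b""                             # reset by peer counts as refused
    return classify_response(data)

if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:
        print(sys.argv[1], probe(sys.argv[1]))
```

An alert can also mean the server shares none of the offered cipher suites, so confirm a "refused" result against the server's own configuration.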

Check your browser
https://zmap.io/sslv3/
https://www.poodletest.com/
https://poodle.io/sslv3test.html
https://www.ssllabs.com/ssltest/viewMyClient.html

Protect your servers
https://zmap.io/sslv3/servers.html

Protect your browsers
Mozilla will remove SSL 3.0 in Firefox 34, the next stable version of the web browser, which will be released in six weeks. Google plans to remove SSL 3.0 support in Chrome as well in the coming months.

Firefox
Firefox users can type “about:config” into their address bar and then “security.tls.version.min” into the search box. Change the setting from 0 to 1. The existing setting allows Firefox to use SSLv3 where it’s available and if it’s required. By changing the setting you will force Firefox to only ever use TLSv1.0 or better, which is not vulnerable to POODLE.

Chrome
Chrome users don’t have an option in the GUI to disable SSLv3.
In Windows, right-click your Chrome shortcut, choose Properties, and add the command-line flag “--ssl-version-min=tls1” to enforce the use of TLS and prevent any connection using the SSL protocol. If you use Google Chrome on Mac, Linux, Chrome OS or Android, follow the instructions here.

Internet Explorer
Go to Settings, Internet Options, Advanced tab. Scroll down until you see the Use SSL 3.0 checkbox and uncheck it.

More Info

Alexa HTTPS Sites Without TLS Support

https://scotthelme.co.uk/sslv3-goes-to-the-dogs-poodle-kills-off-protocol/

http://www.ghacks.net/2014/10/15/ssl-3-0-vulnerability-discovered-find-out-how-to-protect-yourself/

https://technet.microsoft.com/en-us/library/security/3009008.aspx

https://zmap.io/sslv3/servers.html

https://zmap.io/sslv3/browsers.html