How can I completely disable ssl3.0? about:config does not have security.enable_ssl3
Latest discovery by Google says even though I use TLS, I may be configured to be backward compatible to SSL3.0 and a "Poodle" attack by a predator website might induce me to use SSL3.0 and be vulnerable to attack. They say the cure is: "To prevent POODLE attacks on Firefox, open about.config, search for "security.enable," and set "security.enable_ssl3" to false."
First mistake is "about.config" should be "about:config". Second problem is there is no "security.enable_ssl3" line to be found. I don't know if I'm supposed to create the line, and if so, how do I do that?
Valitud lahendus
hello CPATRON144, you can turn off SSL3 in firefox like this: enter about:config into the firefox address bar (confirm the info message in case it shows up) & search for the preference named security.tls.version.min. double-click it and change its value to 1.
https://blog.mozilla.org/security/2014/10/14/the-poodle-attack-and-the-end-of-ssl-3-0/
Loe vastust kontekstis 👍 13All Replies (3)
A new extension has been released to "fix" Firefox 26 and later versions, until Firefox 34 is released on Nov 25th with the fix built-in. https://addons.mozilla.org/en-US/firefox/addon/ssl-version-control/
Valitud lahendus
hello CPATRON144, you can turn off SSL3 in firefox like this: enter about:config into the firefox address bar (confirm the info message in case it shows up) & search for the preference named security.tls.version.min. double-click it and change its value to 1.
https://blog.mozilla.org/security/2014/10/14/the-poodle-attack-and-the-end-of-ssl-3-0/
Thanks. I appreciate the reply.