Disable SSL 3.0 in Firefox

A vulnerability in SSL 3.0 (POODLE) could allow an attacker to obtain cleartext data (such as cookies). Modern web browsers support newer, stronger encryption methods which are not vulnerable. Unfortunately, to ensure backwards compatibility, they will silently revert to using SSL 3.0 if necessary when establishing a connection.

The easiest way to prevent an attacker from attempting to exploit this vulnerability is to disable the use of SSL 3.0. The next version of Firefox will disable SSL 3.0 by default, but you can disable it in other recent versions by modifying the configuration settings.

Note: This might cause incompatibility problems with some sites that are using an out-of-date web server – but do you really want to trust those sites with your data?

To access the configuration settings, open Firefox and type ‘about:config’ (without quotes) into the address bar.

Acknowledge the warning message (if you don’t feel confident about following these instructions do not continue).

Then in the search bar type ‘security.tls’ to view the security settings we are interested in.

Double-click on the entry labeled ‘security.tls.version.min’.

The default value of zero allows the browser to establish a secure connection without using TLS – setting this to one will force the browser to use TLS and prevent it from using SSL 3.0.

Click on ‘OK’ to save the changes, and then restart Firefox.
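To confirm the change took effect without opening about:config on each machine, the profile's preference files can be checked directly. The following is an added example, not part of the original post: it assumes the profile's prefs.js and user.js files hold the setting as user_pref("security.tls.version.min", N); lines, treats an unset preference as the default of zero described above, and uses constructed sample file contents and hypothetical function names.

```python
import re

# Constructed sample profile files (not taken from a real profile).
SAMPLE_PREFS_JS = '''\
// Mozilla User Preferences
user_pref("browser.startup.page", 3);
user_pref("security.tls.version.min", 0);
'''
SAMPLE_USER_JS = 'user_pref("security.tls.version.min", 1);\n'

PREF_NAME = "security.tls.version.min"
DEFAULT_MIN = 0  # default described in the post: SSL 3.0 still allowed

# Matches integer prefs only; commented-out lines do not start with user_pref.
PREF_LINE = re.compile(
    r'^\s*user_pref\(\s*"(?P<name>[^"]+)"\s*,\s*(?P<value>-?\d+)\s*\)\s*;',
    re.MULTILINE,
)

def read_int_pref(text, name):
    """Return the last integer value assigned to `name` in a prefs file, or None."""
    value = None
    for m in PREF_LINE.finditer(text):
        if m.group("name") == name:
            value = int(m.group("value"))
    return value

def effective_tls_min(prefs_js="", user_js=""):
    """user.js is applied on top of prefs.js at startup, so it wins if both set the pref."""
    for text in (user_js, prefs_js):
        value = read_int_pref(text, PREF_NAME)
        if value is not None:
            return value
    return DEFAULT_MIN

def ssl3_allowed(prefs_js="", user_js=""):
    """True when the minimum version is below 1, i.e. SSL 3.0 can still be negotiated."""
    return effective_tls_min(prefs_js, user_js) < 1

if __name__ == "__main__":
    for label, prefs, user in [
        ("prefs.js only", SAMPLE_PREFS_JS, ""),
        ("prefs.js + user.js", SAMPLE_PREFS_JS, SAMPLE_USER_JS),
        ("pref never set", "", ""),
    ]:
        state = "SSL 3.0 allowed" if ssl3_allowed(prefs, user) else "TLS only"
        print(f"{label}: min={effective_tls_min(prefs, user)} -> {state}")
```

To audit a real profile, read its prefs.js and user.js (if present) as text and pass the contents to ssl3_allowed.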

Firefox is a trademark of the Mozilla Foundation.
