Skip to main content

How To Protect IE, Chrome and Firefox from the POODLE SSL v3 Exploit

Posted October 2014 by Steve Sinchak

Google security researchers have published details about a major security flaw found in the SSL protocol that is used to encrypt data transferred between your browser and a web server. SSL is typically used in situations where logon credentials are validated or when other confidential information is exchanged (e.g. online banking). The exploit Google discovered works by taking advantage of two vulnerabilities.  1. Manipulate your web browser into using an old version of the SSL protocol. 2. Using a known exploit in the old version to essentially decrypt the encrypted traffic.

SSL version 3.0 is an old protocol that has been replaced by newer versions based on TLS but all of the popular web browsers still support it for compatibility with some websites. Previously this was not an issue as web browsers would automatically use the latest and most secure protocol to create the secure connection.  However, now that web browsers can be manipulated to use an older insecure version, the feature designed only for compatibility has become a big problem.

The solution is actually fairly straightforward, in order to prevent browsers from being manipulated into using the old bad version, disable browser support for the old version.  Follow the instructions below to improve the security of your web browsers.

Internet Explorer

  1. Open Internet Explorer, click on the gear toolbar icon within Internet Explorer and select Internet Options.

  2. When Internet Options loads, click on the Advanced tab.

  3. Scroll down to the Security section and remove the check next to Use SSL 3.0.

  1. Click OK and close Internet Explorer.

  2. Open Internet Explorer and verify SSL v3 has been disabled by navigating to the Qualys SSL Client Tester.

Google Chrome

The only way to disable SSL v3 in Chrome is to append a special command line parameter to all of the shortcuts you use to start Chrome.

  1. Right click on the Google Chrome shortcut and select Properties. If the shortcut is pinned to your taskbar, right click on it and then right click on the shortcut listed in the jump list right above the "Unpin this program from the taskbar" and click Properties.

  2. Append --ssl-version-min=tls1 to the end of the path listed in the Target box.

  1. Click OK.

  2. Close and restart Chrome and verify SSL v3 has been disabled by navigating to the Qualys SSL Client Tester.

FireFox

  1. Open FireFox and navigate to about:config.

  2. Click through the warning screen.

  3. Search for security.tls.version.min and set the value to 1.

  1. Close and restart FireFox and verify SSL v3 has been disabled by navigating to the Qualys SSL Client Tester.

Related Posts


If you own a Google Chromecast streaming device, you can easily share a browser tab in Chrome browser or even your entire desktop.  This can be very useful when presenting from your laptop or if you just want to watch something on a big screen that is only on your PC.  The only requirement is you must be on the same network as your Chromecast...

Read More

If you are a fan of minimalist desktop experiences, hiding the desktop icons are an easy way to clean up the Windows interface.  Instead of saving everything to your desktop, use the default profile folders such as downloads and documents.  Actually hiding all the icons on your desktop is a very simple customization hidden in the right-click context menu.  Just right-click on the desktop, select View...

Read More

Enabling two-factor authentication is a great way to add an additional level of protection to your Microsoft account.  Even if your password is stolen, your account is still protected because two-factor authetication requires an additional level of verification to log in. Microsoft calls their version of two-factor authentication "two-step verification" and it works by providing you with a random code...

Read More

In the latest version of iOS Apple included a new feature called AirPrint. Designed to bring native printing support to the iOS platform it can be found on version 4.2 or later on devices such as the iPhone, iPod, and iPad. At launch only a handful of HP wireless printers could be used but with the help of this article it is possible to AirPrint to any printer connected to a Windows computer, including...

Read More