X
Tap here to go to the mobile version of the site.

Support Forum

How can I completely disable ssl3.0? about:config does not have security.enable_ssl3

Posted

Latest discovery by Google says even though I use TLS, I may be configured to be backward compatible to SSL3.0 and a "Poodle" attack by a predator website might induce me to use SSL3.0 and be vulnerable to attack. They say the cure is: "To prevent POODLE attacks on Firefox, open about.config, search for "security.enable," and set "security.enable_ssl3" to false."

First mistake is "about.config" should be "about:config". Second problem is there is no "security.enable_ssl3" line to be found. I don't know if I'm supposed to create the line, and if so, how do I do that?

Latest discovery by Google says even though I use TLS, I may be configured to be backward compatible to SSL3.0 and a "Poodle" attack by a predator website might induce me to use SSL3.0 and be vulnerable to attack. They say the cure is: "To prevent POODLE attacks on Firefox, open about.config, search for "security.enable," and set "security.enable_ssl3" to false." First mistake is "about.config" should be "about:config". Second problem is there is no "security.enable_ssl3" line to be found. I don't know if I'm supposed to create the line, and if so, how do I do that?

Chosen solution

hello CPATRON144, you can turn off SSL3 in firefox like this: enter about:config into the firefox address bar (confirm the info message in case it shows up) & search for the preference named security.tls.version.min. double-click it and change its value to 1.

https://blog.mozilla.org/security/2014/10/14/the-poodle-attack-and-the-end-of-ssl-3-0/

Read this answer in context 13

Additional System Details

Installed Plug-ins

  • Version 5.38.4.0
  • Shockwave Flash 15.0 r0
  • Next Generation Java Plug-in 10.55.2 for Mozilla browsers
  • NPRuntime Script Plug-in Library for Java(TM) Deploy
  • Adobe PDF Plug-In For Firefox and Netscape 11.0.8
  • Google Update
  • 5.1.30514.0
  • The QuickTime Plugin allows you to view a wide variety of multimedia content in Web pages. For more information, visit the QuickTime Web site.
  • iTunes Detector Plug-in
  • RealPlayer(tm) LiveConnect-Enabled Plug-In
  • RealPlayer Download Plugin
  • GEPlugin
  • RealNetworks(tm) RealDownloader Chrome Background Extension Plug-In
  • RealNetworks(tm) RealDownloader PepperFlashVideoShim Plug-In
  • RealNetworks(tm) RealDownloader HTML5VideoShim Plug-In
  • RealDownloader Plugin
  • Adobe Shockwave for Director Netscape plug-in, version 12.0
  • RealNetworks(tm) RealPlayer Chrome Background Extension Plug-In
  • RealPlayer(tm) HTML5VideoShim Plug-In
  • NPWLPG
  • Dll file of HP Virtual Room Client Launcher Plugin for Firefox, Chrome, and Safari
  • ActiveTouch General Plugin Container Version 105
  • The plug-in allows you to open and edit files using Microsoft Office applications
  • Office Authorization plug-in for NPAPI browsers
  • Virtual Earth 3D 4.00090316005 plugin for Mozilla

Application

  • User Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:32.0) Gecko/20100101 Firefox/32.0

More Information

the-edmeister
  • Top 25 Contributor
  • Moderator
5386 solutions 39975 answers

Helpful Reply

A new extension has been released to "fix" Firefox 26 and later versions, until Firefox 34 is released on Nov 25th with the fix built-in. https://addons.mozilla.org/en-US/firefox/addon/ssl-version-control/

A new extension has been released to "fix" Firefox 26 and later versions, until Firefox 34 is released on Nov 25th with the fix built-in. https://addons.mozilla.org/en-US/firefox/addon/ssl-version-control/
philipp
  • Top 25 Contributor
  • Moderator
5251 solutions 23228 answers

Chosen Solution

hello CPATRON144, you can turn off SSL3 in firefox like this: enter about:config into the firefox address bar (confirm the info message in case it shows up) & search for the preference named security.tls.version.min. double-click it and change its value to 1.

https://blog.mozilla.org/security/2014/10/14/the-poodle-attack-and-the-end-of-ssl-3-0/

hello CPATRON144, you can turn off SSL3 in firefox like this: enter '''about:config''' into the firefox address bar (confirm the info message in case it shows up) & search for the preference named '''security.tls.version.min'''. double-click it and change its value to '''1'''. https://blog.mozilla.org/security/2014/10/14/the-poodle-attack-and-the-end-of-ssl-3-0/

Question owner

Thanks. I appreciate the reply.

Thanks. I appreciate the reply.