How can I completely disable ssl3.0? about:config does not have security.enable_ssl3
Latest discovery by Google says even though I use TLS, I may be configured to be backward compatible to SSL3.0 and a "Poodle" attack by a predator website might induce me to use SSL3.0 and be vulnerable to attack. They say the cure is: "To prevent POODLE attacks on Firefox, open about.config, search for "security.enable," and set "security.enable_ssl3" to false."
First mistake is "about.config" should be "about:config". Second problem is there is no "security.enable_ssl3" line to be found. I don't know if I'm supposed to create the line, and if so, how do I do that?
hello CPATRON144, you can turn off SSL3 in firefox like this: enter about:config into the firefox address bar (confirm the info message in case it shows up) & search for the preference named security.tls.version.min. double-click it and change its value to 1.Read this answer in context 13
Additional System Details
- Version 18.104.22.168
- Shockwave Flash 15.0 r0
- Next Generation Java Plug-in 10.55.2 for Mozilla browsers
- NPRuntime Script Plug-in Library for Java(TM) Deploy
- Adobe PDF Plug-In For Firefox and Netscape 11.0.8
- Google Update
- The QuickTime Plugin allows you to view a wide variety of multimedia content in Web pages. For more information, visit the QuickTime Web site.
- iTunes Detector Plug-in
- RealPlayer(tm) LiveConnect-Enabled Plug-In
- RealPlayer Download Plugin
- RealNetworks(tm) RealDownloader Chrome Background Extension Plug-In
- RealNetworks(tm) RealDownloader PepperFlashVideoShim Plug-In
- RealNetworks(tm) RealDownloader HTML5VideoShim Plug-In
- RealDownloader Plugin
- Adobe Shockwave for Director Netscape plug-in, version 12.0
- RealNetworks(tm) RealPlayer Chrome Background Extension Plug-In
- RealPlayer(tm) HTML5VideoShim Plug-In
- Dll file of HP Virtual Room Client Launcher Plugin for Firefox, Chrome, and Safari
- ActiveTouch General Plugin Container Version 105
- The plug-in allows you to open and edit files using Microsoft Office applications
- Office Authorization plug-in for NPAPI browsers
- Virtual Earth 3D 4.00090316005 plugin for Mozilla
- User Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:32.0) Gecko/20100101 Firefox/32.0
A new extension has been released to "fix" Firefox 26 and later versions, until Firefox 34 is released on Nov 25th with the fix built-in. https://addons.mozilla.org/en-US/firefox/addon/ssl-version-control/
hello CPATRON144, you can turn off SSL3 in firefox like this: enter about:config into the firefox address bar (confirm the info message in case it shows up) & search for the preference named security.tls.version.min. double-click it and change its value to 1.
Thanks. I appreciate the reply.