Firefox tries to use the latest connection method (TLS 1.2) with sites, and then "falls back" to TLS 1.1, TLS 1.0, and finally SSL 3.0 if the site doesn't support a newer method.

If you want to block Firefox from falling back to SSL 3.0 so that you won't unknowingly make a Poodle-vulnerable connection, you can change a setting so that SSLv3 is never used. A few sites might not work with this setting, but I think it will be very few.

Here's how:

(1) In a new tab, type or paste about:config in the address bar and press Enter. Click the button promising to be careful.

(2) In the search box above the list, type or paste tls and pause while the list is filtered

(3) Double-click the security.tls.version.min preference and change the value from 0 to 1

What that means is, the lowest Firefox will go is TLS 1.0. I actually made this change myself this afternoon for the same reason.

https://blog.mozilla.org/security/2014/10/14/the-poodle-attack-and-the-end-of-ssl-3-0/

So if i change this (security.tls.version.min ) from 0 to 1 this will stop the sslv3 from affecting me?

Regards, jacob

Yes, the value of security.tls.version.min = 1 will disable SSL3.

• http://kb.mozillazine.org/security.tls.version.*

• bug 1076983 - (POODLE) Padding oracle attack on SSL 3.0

Please do not comment in bug reports
https://bugzilla.mozilla.org/page.cgi?id=etiquette.html

Thanks for all the help!

Regards, Jacob