Search Support

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

Lolu chungechunge lwabekwa kunqolobane. Uyacelwa ubuze umbuzo omusha uma udinga usizo.

Does POODLE SSLv3 effect Mozilla Firefox?

  • 5 uphendule
  • 5 zinale nkinga
  • 2371 views
  • Igcine ukuphendulwa ngu jacobwp

more options

Does this SLL v3 Poodle Breach effect Firefox? Does my Firefox need to updated?

Reply soon!

Jacob

Isisombululo esikhethiwe

Firefox tries to use the latest connection method (TLS 1.2) with sites, and then "falls back" to TLS 1.1, TLS 1.0, and finally SSL 3.0 if the site doesn't support a newer method.

If you want to block Firefox from falling back to SSL 3.0 so that you won't unknowingly make a Poodle-vulnerable connection, you can change a setting so that SSLv3 is never used. A few sites might not work with this setting, but I think it will be very few.

Here's how:

(1) In a new tab, type or paste about:config in the address bar and press Enter. Click the button promising to be careful.

(2) In the search box above the list, type or paste tls and pause while the list is filtered

(3) Double-click the security.tls.version.min preference and change the value from 0 to 1

What that means is, the lowest Firefox will go is TLS 1.0. I actually made this change myself this afternoon for the same reason.

Funda le mpendulo ngokuhambisana nalesi sihloko 👍 32

All Replies (5)

more options

Isisombululo Esikhethiwe

Firefox tries to use the latest connection method (TLS 1.2) with sites, and then "falls back" to TLS 1.1, TLS 1.0, and finally SSL 3.0 if the site doesn't support a newer method.

If you want to block Firefox from falling back to SSL 3.0 so that you won't unknowingly make a Poodle-vulnerable connection, you can change a setting so that SSLv3 is never used. A few sites might not work with this setting, but I think it will be very few.

Here's how:

(1) In a new tab, type or paste about:config in the address bar and press Enter. Click the button promising to be careful.

(2) In the search box above the list, type or paste tls and pause while the list is filtered

(3) Double-click the security.tls.version.min preference and change the value from 0 to 1

What that means is, the lowest Firefox will go is TLS 1.0. I actually made this change myself this afternoon for the same reason.

more options
more options

So if i change this (security.tls.version.min ) from 0 to 1 this will stop the sslv3 from affecting me?

Regards, jacob

more options

Yes, the value of security.tls.version.min = 1 will disable SSL3.


  • bug 1076983 - (POODLE) Padding oracle attack on SSL 3.0

Please do not comment in bug reports
https://bugzilla.mozilla.org/page.cgi?id=etiquette.html

more options

Thanks for all the help!

Regards, Jacob