Oct 23, 2014 - "The following changes force your browser to not use SSL 3.0. Here’s what to adjust in the top three browsers...
Chrome: In Google’s browser, edit the shortcut that launches the browser, adding a flag to the end of the Shortcut path. Start by selecting the icon normally used to launch Chrome. Right-click the icon and select Properties. Under the Shortcut tab, find the box labeled “Target” and insert –ssl-version-min=tls1 immediately after chrome.exe” (see Figure 1). It should look something like this (note the space between .exe” and –ssl-):
“C:\Program Files (x86)\Google\Chrome\Application\chrome.exe” –ssl-version-min=tls1
Figure 1: http://windowssecret...3-TS-Chrome.png
... in the Oct. 14 Mozilla blog post*, Firefox 34, due to be released on Nov. 25, will disable SSL 3.0 support. In the meantime, Mozilla recommends installing the add-on (download site**), “SSL Version Control 0.2? (see Figure 2), which will let you control SSL support within the browser. (Some websites have recommended adjusting Firefox settings in the configuration file, but Mozilla recommends using the add-on instead.)..."
Figure 2: http://windowssecret...41023-TS-FF.png
... Internet Explorer: In IE, click the gear (settings) icon, open Internet options, and then select the Advanced tab. Scroll down the Settings list to the Security category, and then look for Use SSL 3.0. Uncheck the box (see Figure 3), click OK, and then relaunch IE... Microsoft released an initial security advisory on this topic; expect to see additional guidance in the near future...
Figure 3: http://windowssecret...41023-TS-IE.png
... How to test your browser’s TLS/SSL protection:
Several websites test whether your currently open browser supports SSL 3.0. For a simple test, Poodletest.com displays a poodle dog if your browser still supports SSL 3.0, and a Springfield terrier if it doesn’t. On the other hand, Qualys SSL Labs (site***) provides a more detailed analysis of the SSL protocols your browser supports.
As noted above, some business sites such as online -banking- might still need SSL 3.0. Again, I recommend leaving SSL 3.0 support on -one- browser; it’ll be faster and safer than repeatedly adjusting browser settings. If you’re running a Web server or small-business server, you should -disable- SSL 3.0 support to better protect connected workstations and Internet-based phones... there’s a silver lining to this latest security mess — it should now force everyone on the Internet to finally abandon a dated, insecure protocol."
"Your user agent is not vulnerable..." < What you want to see after the new Firefox extention is installed.
- https://web.nvd.nist...d=CVE-2014-3513 - 7.1 (HIGH)
Last revised: 10/22/2014
- https://web.nvd.nist...d=CVE-2014-3567 - 7.1 (HIGH)
Last revised: 10/31/2014
- https://web.nvd.nist...d=CVE-2014-3568 - 4.3
Last revised: 10/31/2014
Edited by AplusWebMaster, 03 November 2014 - 01:48 PM.