We're calling on all EU-based Mozillians with iOS or iPadOS devices to help us monitor Apple’s new browser choice screens. Join the effort to hold Big Tech to account!

Pretraži podršku

Izbjegni prevare podrške. Nikad te nećemo tražiti da nas nazoveš, da nam pošalješ telefonski broj ili da podijeliš osobne podatke. Prijavi sumnjive radnje pomoću opcije „Prijavi zlouporabu”.

Saznaj više

How can I completely disable ssl3.0? about:config does not have security.enable_ssl3

  • 3 odgovora
  • 11 ima ovaj problem
  • 2 prikaza
  • Posljednji odgovor od CPATRON144

more options

Latest discovery by Google says even though I use TLS, I may be configured to be backward compatible to SSL3.0 and a "Poodle" attack by a predator website might induce me to use SSL3.0 and be vulnerable to attack. They say the cure is: "To prevent POODLE attacks on Firefox, open about.config, search for "security.enable," and set "security.enable_ssl3" to false."

First mistake is "about.config" should be "about:config". Second problem is there is no "security.enable_ssl3" line to be found. I don't know if I'm supposed to create the line, and if so, how do I do that?

Latest discovery by Google says even though I use TLS, I may be configured to be backward compatible to SSL3.0 and a "Poodle" attack by a predator website might induce me to use SSL3.0 and be vulnerable to attack. They say the cure is: "To prevent POODLE attacks on Firefox, open about.config, search for "security.enable," and set "security.enable_ssl3" to false." First mistake is "about.config" should be "about:config". Second problem is there is no "security.enable_ssl3" line to be found. I don't know if I'm supposed to create the line, and if so, how do I do that?

Izabrano rješenje

hello CPATRON144, you can turn off SSL3 in firefox like this: enter about:config into the firefox address bar (confirm the info message in case it shows up) & search for the preference named security.tls.version.min. double-click it and change its value to 1.

https://blog.mozilla.org/security/2014/10/14/the-poodle-attack-and-the-end-of-ssl-3-0/

Pročitaj ovaj odgovor u kontekstu 👍 13

Svi odgovori (3)

more options

A new extension has been released to "fix" Firefox 26 and later versions, until Firefox 34 is released on Nov 25th with the fix built-in. https://addons.mozilla.org/en-US/firefox/addon/ssl-version-control/

more options

Odabrano rješenje

hello CPATRON144, you can turn off SSL3 in firefox like this: enter about:config into the firefox address bar (confirm the info message in case it shows up) & search for the preference named security.tls.version.min. double-click it and change its value to 1.

https://blog.mozilla.org/security/2014/10/14/the-poodle-attack-and-the-end-of-ssl-3-0/

more options

Thanks. I appreciate the reply.