Protecting Browsers against POODLE
POODLE (https://poodle.io/) Disabling
SSLv3 Support in Browsers
If you would like to avoid being exploited through POODLE, you can disable the use of
SSLv3 within your web browser. We provide instructions for common browsers and operating systems
below.
• Firefox
• Google Chrome
◦ Windows
◦ Ubuntu
◦ Mac OS X
◦ Other
• Internet Explorer
• Safari
Firefox
Please see the Mozilla Security Blog (https://blog.mozilla.org/security/2014/10/14/the-poodle-attack-and-the-end-of-ssl-3-0/) for how to protect yourself (plug-in available under "Additional
Precautions").
Alternatively, you can set the value security.tls.version.min = 1 in the about:config dialog.
Google Chrome
https://zmap.io/sslv3/browsers.html
10/17/2014
Chrome does not have a setting configurable in the user interface to turn off SSLv3. Instead,
Chrome needs to be told not to use SSLv3 at launch. To automatically launch Chrome with SSLv3
disabled, follow the instructions for your operating system below.
• Windows
• Ubuntu
• Mac OS X
• Other
Windows
Be Advised! This only protects you if you open Google Chrome from the shortcut on the
desktop.
1. Right click the Google Chrome shortcut on the desktop.
2. Click Properties from the drop-down menu.
3. You will see the properties menu for the shortcut to Google Chrome.
4. Click inside the "Target" box and scroll all the way to the right (past the quote (")).
5. Enter --ssl-version-min=tls1
6. Click "OK" on the properties menu.
7. When asked for administrator permissions, click "Continue".
Ubuntu
Thanks to gertvdijk on AskUbuntu (http://askubuntu.com/questions/537196/how-do-i-patch-workaround-sslv3-poodle-vulnerability-cve-2014-3566).
1. Open /usr/share/applications/google-chrome.desktop in a text editor
2. For any line that begins with "Exec", add the argument --ssl-version-min=tls1
◦ For instance the line Exec=/usr/bin/google-chrome-stable %U should become
Exec=/usr/bin/google-chrome-stable --ssl-version-min=tls1
3. Reboot
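The Ubuntu edit above, scripted as an added example (not part of the original page or of the AskUbuntu answer): it adds the flag to every Exec line that lacks it and is safe to re-run. Going slightly beyond the page's example line, it keeps existing arguments such as %U after the flag; the function names and the sample launcher are constructed, and the executable path is assumed to contain no spaces.

```shell
#!/bin/sh
# Added example: idempotently add Chrome's minimum-TLS flag to a .desktop launcher.
FLAG='--ssl-version-min=tls1'

# Count Exec= lines that still lack the flag (0 means every launcher entry is covered).
count_unpatched() {
    awk -v flag="$FLAG" '/^Exec=/ && index($0, flag) == 0 { n++ } END { print n + 0 }' "$1"
}

# Print the file with the flag inserted right after the executable on each
# Exec= line that lacks it. Assumption: the executable path contains no spaces.
patch_exec_lines() {
    awk -v flag="$FLAG" '
        /^Exec=/ && index($0, flag) == 0 {
            sp = index($0, " ")
            if (sp == 0) { print $0 " " flag } else { print substr($0, 1, sp - 1) " " flag substr($0, sp) }
            next
        }
        { print }
    ' "$1"
}

# Rewrite the file in place, keeping a .bak copy; do nothing if already patched.
apply_patch() {
    [ "$(count_unpatched "$1")" -eq 0 ] && return 0
    tmp=$(mktemp) || return 1
    patch_exec_lines "$1" > "$tmp" && cp -p "$1" "$1.bak" && cat "$tmp" > "$1"
    rc=$?
    rm -f "$tmp"
    return $rc
}

# Constructed sample launcher (not a real system file) to show the effect.
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' '[Desktop Entry]' 'Name=Google Chrome' \
        'Exec=/usr/bin/google-chrome-stable %U' \
        'Exec=/usr/bin/google-chrome-stable --incognito' > "$d/sample.desktop"
    apply_patch "$d/sample.desktop" && cat "$d/sample.desktop"
    rm -rf "$d"
}

demo
```

To patch the real launcher, call apply_patch /usr/share/applications/google-chrome.desktop as root. A package update can replace that file, so count_unpatched is worth re-running afterwards.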
OS X
Thanks to Jorja Hung on GitHub (https://springerpe.github.io/tech/2014/10/15/how-not-to-get-bitten-by-poodle.html).
Be Advised! This only protects you if you open Google Chrome from the Application that you
create in Automator.
1. Open Automator from Applications.
2. Double-click "Workflow".
3. Under Library, click Utilities.
4. Double-click "Run Shell Script".
5. Replace cat with:
open -a "Google Chrome.app" --args --ssl-version-min=tls1
6. In the toolbar at the top of the screen, click "File" and then "Save".
7. In the "Save As" box, type Chrome-POODLE-Proof.app
8. In the "File Format" drop-down box, select "Application".
9. Click "Save".
Depending on how you open Google Chrome, you may have to open it in a different way. If you
open it through Spotlight, just type Chrome-POODLE-Proof instead of Google Chrome. If you open it
by clicking on it in the Dock, open Finder and click Applications. Drag and drop
Chrome-POODLE-Proof.app to the Dock. When you want to open Chrome, click the icon that looks like a
robot holding a pipe instead of the normal Google Chrome icon.
Other Operating Systems
For any operating system, launching Chrome from the command-line with the extra flag
--ssl-version-min=tls1 will disable SSLv3. Consult your documentation for more detail.
Internet Explorer
To disable SSLv3 in Internet Explorer on Windows Vista and newer, uncheck the "Use SSL 3.0" box
on the "Advanced" tab in the Internet Options program.
1. Launch "Internet Options" from the Start Menu
2. Click the "Advanced" tab
3. Uncheck "Use SSL 3.0"
4. Click "OK"
Safari
We currently do not know of a fix for Safari. If you know of one, please e-mail us at poodle-team@umich.edu (mailto:poodle-team@umich.edu).