POODLE vulnerability in SSLv3 is a major security risk and you should take immediate action by disabling SSL 3.0 in your web browser. This article will show you how to turn off or disable SSL 3.0 in Mozilla Firefox. Also learn, how to temporarily enable SSLv3 in Firefox.
Secure Sockets Layer (SSL) is a cryptographic protocol that ensures communication security over the Internet. Back in 2014, Google discovered a vulnerability in SSL 3.0. Named “POODLE”, the vulnerability can be exploited to steal various confidential information, including passwords and cookies. So, SSL 3.0 is now officially insecure. Websites and browsers are urged to turn off SSLv3 and use modern protocols such as Transport Layer Security (TLS).
Disable SSLv3 in Firefox:
SSLv3 is disabled by default since Firefox 34. If you are using an older version of Firefox, follow the steps mentioned below to disable SSL 3.0 and secure your browser.
- Open Mozilla Firefox browser.
- In the Location Bar, enter about:config and press the enter button (or click the arrow symbol in the location bar).
- You’ll receive following warning message: “This might void your warranty”. Click I’ll be careful, I promise!.
- In the Search box under about:config, type tls and some results will appear.
- From the results, find preference named security.tls.version.min and double click on it. The Enter integer value window will appear. Enter 1 and press OK button.
- Next step is to enable default maximum supported TLS version (TLS 1.2). Find preference named security.tls.version.max and double click on it. Enter 3 as the integer value and press OK.
That’s it! You have successfully turned off the SSL 3.0 protocol in your Firefox browser.
The preference security.tls.version.min specifies the minimum required protocol version, while the security.tls.version.max denotes the maximum supported protocol version. Integer value for the both preferences can range from 0 to 3. 0 means SSL 3.0; 1 means TLS 1.0; 2 means TLS 1.1 and 3 means TLS 1.2. In the above mentioned guide, we used integer value 1 for security.tls.version.min. That means TLS 1.0 is the minimum supported protocol in your browser. And a value of 3 for preference security.tls.version.max means, your browser supports encryption protocol up to TLS 1.2.
How to enable SSL 3.0 in Firefox?
Considering the seriousness of the POODLE vulnerability, I’d never suggest anyone to enable SSLv3. Do you want to re-enable SSL 3.0 for testing purpose or for visiting a certain website? If yes, follow the steps below to enable SSLv3 in Firefox.
- Open Firefox browser.
- Enter about:config in the location bar and press the enter button.
- When the warning message appears, press I’ll be careful, I promise! button.
- Go to the Search box inside about:config and type tls.
- Find preference named security.tls.version.min, double click on it.
- Enter 0 in the integer value box and press OK button.
That’s all! By setting 0 as value of security.tls.version.min, you have successfully re-enable SSLv3 in Mozilla Firefox. Don’t make it permanent. Reset or the value for security.tls.version.min or re-enable SSL 3.0 once you are done with your testing.