Turning off SSLv3 in your browser.
POODLE attacks you the surfer, not the server you are visiting. It allows access to the encrypted traffic from you to the secure server you are using and from that server to you. It only has access to what you send and recieve from it, this includes your password and login.
You can turn off SSLv3 in your brower to ensure that you are not connecting to secure sites with the SSLv3 protocol. This will ensure that anyone attempting to use POODLE will not be able to decrypt your traffic.
Be aware that if you use the POODLE Check
tool and see TLS is NOT suppoted on this site
and you turn off SSLv3 you will not be able to browse to the secure area of the site until that site enables these protocols.
In Firefox you can browse to about:config and modify the security.tls.version.min setting to 1 (from 0) to remove TLSv3 support from your browser.
In Internet Explorer. Go to 'Settings' > 'Internet Options' and choose the 'Advanced' tab. Locate the box that says 'Use SSL 3.0' and uncheck this box.
Mac OS X
- Exit any running-instance of chrome.
- Find the shortcut you normally use to launch chrome.
- Create a copy of it
- Right click on the new shortcut, and select Properties
- At the very end of the Target: text box, add a space and then --ssl-version-min=tls1
- It should end in something like "...\chrome.exe" --ssl-version-min=tls1
- Double click the new shortcut to launch chrome with the new command line flags.
- Quit any running instance of chrome.
- Launch /Applications/Utilities/Terminal.app
- At the command prompt enter:
- /Applications/Google\ Chrome.app/Contents/MacOS/Google\ Chrome --ssl-version-min=tls1
- Exit any running instance of chrome.
- Execute in a console:
- google-chrome --ssl-version-min=tls1 (If you are using a different named chrome/chromium build, change the command accordingly)
- you can also modify the shortcut in your kicker in KDE right click the kicker and select "Modify application", locate Chrome and add the flag to the end ot the field "Command:"
- Put the device into dev mode so you can get a root shell
- Modify /etc/chrome_dev.conf (read the comments in the file for more details)
- Restart the UI via:
- sudo restart ui
Once complete you can test your browser to verify if this worked here