GlobalSign Blog

Internet Explorer, Mozilla Firefox and Google Chrome to disable SSL 3.0 by default

Internet Explorer, Mozilla Firefox and Google Chrome to disable SSL 3.0 by default

Earlier this month, the Poodle vulnerability was disclosed in the SSL 3.0 protocol. As pre-empted, the main browser providers have put a series of measures in place to protect customers and have now confirmed that they will fully disable the vulnerable protocol by default to fully eliminate the risks.

Timelines

Shortly after the vulnerability was disclosed, the main browser providers published security advisories to help customers immediately disable the SSL 3.0 protocol in all versions of their browsers. To help protect customers further, the protocol will be fully disabled by default in future, according to the timelines below.

* Websites still using the SSL v3.0 protocol will trigger the display of the yellow badge in Chrome 39: 

Google URL Warning

What should I do?

Although the browser providers are providing advanced warning, website administrators should proactively configure their server to only allow TLS v1.0+ as soon as possible. They should also proceed to upgrade their systems to avoid any compatibility issues.

Website users should follow security advisories and instructions on how to disable communications over SSL v3.0 in their current browser version, and upgrade to the newer browser versions as soon as they become available.

Stay posted

For further information, check out these links:

http://azure.microsoft.com/blog/2014/10/29/protecting-against-the-ssl-3-0-vulnerability

https://blog.mozilla.org/security/2014/10/14/the-poodle-attack-and-the-end-of-ssl-3-0/  

https://groups.google.com/a/chromium.org/forum/#!topic/security-dev/Vnhy9aKM_l4 

Share this Post

Recent Blogs

  • Resolving the Conflict Between Availability and Security in IT

    Aug 18, 2022

    Operations teams have availability as a priority, whereas security teams are solely focused on creating a secure environment. As a result, there is often conflict between operations and security. Explore how to resolve the conflict.

  • 10 Tips for Hiring and Retaining IT Employees

    Aug 17, 2022

    As the saying goes, "people are your most important asset." This is especially true in the field of information technology (IT), where a company's ability to hire and retain top talent can be the difference between success and failure. Here are 10 ways companies can hire and retain top IT talent.

  • Cybersecurity News Round-Up: Week of August 8, 2022

    Aug 12, 2022

    The UK feeling pained following a ransomware attack on the NHS, 18 tech & cyber companies launch new security standard for sharing cybersecurity information