GlobalSign Blog

03 Nov 2014

Internet Explorer, Mozilla Firefox and Google Chrome to disable SSL 3.0 by default

Earlier this month, the Poodle vulnerability was disclosed in the SSL 3.0 protocol. As pre-empted, the main browser providers have put a series of measures in place to protect customers and have now confirmed that they will fully disable the vulnerable protocol by default to fully eliminate the risks.

Timelines

Shortly after the vulnerability was disclosed, the main browser providers published security advisories to help customers immediately disable the SSL 3.0 protocol in all versions of their browsers. To help protect customers further, the protocol will be fully disabled by default in future, according to the timelines below.

* Websites still using the SSL v3.0 protocol will trigger the display of the yellow badge in Chrome 39:

Google URL Warning

What should I do?

Although the browser providers are providing advanced warning, website administrators should proactively configure their server to only allow TLS v1.0+ as soon as possible. They should also proceed to upgrade their systems to avoid any compatibility issues.

Website users should follow security advisories and instructions on how to disable communications over SSL v3.0 in their current browser version, and upgrade to the newer browser versions as soon as they become available.

Stay posted

For further information, check out these links:

http://azure.microsoft.com/blog/2014/10/29/protecting-against-the-ssl-3-0-vulnerability

https://blog.mozilla.org/security/2014/10/14/the-poodle-attack-and-the-end-of-ssl-3-0/

https://groups.google.com/a/chromium.org/forum/#!topic/security-dev/Vnhy9aKM_l4

Share this Post

Subscribe to our Blog