Secure Websites Not Responding – Disable SSLv3

With the latest news about the new SSL vulnerability, not long after the HEARTBLEED vulnerability, we are now being threatened by a POODLE. Because of this, browsers are blocking the use of SSLv3, causing some HTTPS websites to stop responding, in my case in both Chromium and Firefox. I noticed that every other website was working fine, but every time I tried to access the Gmail or Outlook mail services, my browser kept hanging with the loading icon twirling and twirling; after almost 3 minutes, I received an SSL certificate error. Do you wonder about the name? This vulnerability was called POODLE because of its acronym, which stands for Padding Oracle On Downgraded Legacy Encryption.

If you are having the same problem, this means your browser is susceptible to the POODLE nightmare :-). The only way to fix this problem is to disable SSLv3. These are the solutions for Chromium and Firefox in Ubuntu 14.04 LTS. See my configurations below.

My computer configurations

Disabling SSLv3 in Chromium

To fix your problem in Chromium you have to get your hands dirty and open your Terminal with Ctrl+Alt+T and type in:

~$ sudo gedit /usr/share/applications/chromium-browser.desktop

Type in your password when prompted and press Enter/Return. This will open your text editor with administrator privileges. Find the line that says:

Exec=chromium-browser %U

and modify it to:

Exec=chromium-browser --ssl-version-min=tls1 %U

Save and close the editor, then enter this command in the terminal:

~$ sudo gedit /etc/chromium-browser/default

This will allow you to edit the configuration file for the Chromium browser. Find the line that looks something like:

CHROMIUM_FLAGS=""

and modify it with:

CHROMIUM_FLAGS="--ssl-version-min=tls1"

Save the file and close the browser for the settings to take effect. You might have to sign in again if you have your browser synced.

Disabling SSLv3 in Mozilla Firefox

If you also use Mozilla Firefox, as I do, then open your Firefox browser and type in the address bar:

about:config

This will prompt a warning to be careful, press OK.

Firefox warning when configuring by hand

In the search bar type in:

security.tls.version.min

From all the options that show up, use the one that actually says security.tls.version.min. Double-click in the value column, which will open a text field; if the value is not 1, change it to 1.

You can also install the Mozilla extension to disable this by default, found here.

With this done, you should be able to log in to your email accounts, use Facebook and any other service that requires SSL encryption. The only thing this does is use TLS1, TLS2 and TLS3 as the main options for secure communication and avoid the compromised SSL version 3.
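To confirm the edits took effect, this added example (not part of the original post) checks a Chromium .desktop file, the Chromium defaults file and a Firefox prefs.js for the settings above. The function names and sample files are constructed for illustration, and it assumes Firefox stores the about:config change in the profile's prefs.js; pass the real paths to the functions to check your own system.

```shell
#!/bin/sh
# Added example: audits the three settings changed in this post.
# Each function takes a file path, so it also works on copies of the files.

# Print every Exec= line that lacks the TLS floor. A .desktop file can
# contain several Exec= lines (one per desktop action), not only "%U".
exec_lines_missing_flag() {
    grep '^Exec=' "$1" | grep -v -e '--ssl-version-min=tls1' || true
}

# Succeed only if CHROMIUM_FLAGS carries the flag.
chromium_flags_ok() {
    grep -q -e '^CHROMIUM_FLAGS=.*--ssl-version-min=tls1' "$1"
}

# Print security.tls.version.min from a Firefox prefs.js, or "unset"
# when the profile has no explicit value (0 means SSLv3 is still allowed).
firefox_tls_min() {
    val=$(sed -n 's/^user_pref("security\.tls\.version\.min", *\([0-9][0-9]*\));.*/\1/p' "$1" | tail -n 1)
    echo "${val:-unset}"
}

# Constructed sample files (not copied from a real system).
SAMPLES=$(mktemp -d)
cat > "$SAMPLES/chromium-browser.desktop" <<'EOF'
[Desktop Entry]
Name=Chromium Web Browser
Exec=chromium-browser --ssl-version-min=tls1 %U
[Desktop Action NewWindow]
Exec=chromium-browser
[Desktop Action Incognito]
Exec=chromium-browser --incognito
EOF
echo 'CHROMIUM_FLAGS="--ssl-version-min=tls1"' > "$SAMPLES/default"
echo 'user_pref("security.tls.version.min", 0);' > "$SAMPLES/prefs.js"

echo "Exec= lines still missing the flag:"
exec_lines_missing_flag "$SAMPLES/chromium-browser.desktop"
chromium_flags_ok "$SAMPLES/default" && echo "CHROMIUM_FLAGS: ok"
echo "Firefox security.tls.version.min: $(firefox_tls_min "$SAMPLES/prefs.js")"
```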

For more information about the POODLE threat, follow this link or read this PDF file. If you need information on how to accomplish this in other browsers and operating systems, you can visit these pages:

  1. https://disablessl3.com/
  2. Ask Ubuntu thread – really good

I hope this helps you guys… Happy Coding and Happy Developing!