{"id":2095,"date":"2014-11-05T00:45:43","date_gmt":"2014-11-05T07:45:43","guid":{"rendered":"http:\/\/www.designersgate.com\/blogs\/?p=2095"},"modified":"2014-11-05T00:45:43","modified_gmt":"2014-11-05T07:45:43","slug":"secure-websites-responding-disable-sslv3","status":"publish","type":"post","link":"https:\/\/designersgate.com\/blog\/secure-websites-responding-disable-sslv3\/","title":{"rendered":"Secure Websites Not Responding – Disable SSLv3"},"content":{"rendered":"

With the latest news about the new SSL vulnerability, after the not so long ago HEARTBLEED vulnerability, now we are been threatened by a POODLE. Because of this, browsers are blocking the use of SSLv3 causing some HTTPS websites to stop responding, in my case either in Chromium and Firefox. I noticed that any other website was working fine but every time a tried to access Gmail or Outlook mail services, my browser kept hanging on with the loading icon twirling and twirling, after almost 3 minutes, then I\u00a0received a prompted error about SSL Certificate error.\u00a0Do you wonder why the name? Actually, this vulnerability was call POODLE\u00a0because of its acronym which\u00a0means,\u00a0Padding Oracle On Downgraded Legacy Encryption.<\/p>\n

If you are having the same problem, this means your browser is susceptible to the POODLE\u00a0nightmare :-). The only way to fix this problem is disabling SSLv3. These are the solutions for Chromium and Firefox in Ubuntu 14.04 LTS. See my configurations below.<\/p>\n

\"My<\/a><\/p>\n

Disabling SSLv3 in Chromium<\/strong><\/em><\/p>\n

To fix your problem in Chromium you have to get your hands dirty and open your Terminal with Ctrl+Alt+T and type in:<\/p>\n

~$ sudo gedit \/usr\/share\/applications\/chromium-browser.desktop<\/pre>\n
Type in\u00a0your password when prompted and Enter\/Return. This will open your text editor with administration privileges. Find the line that says:<\/p>\n
Exec=chromium-browser %U<\/pre>\n
and modify it to:<\/p>\n
Exec=chromium-browser --ssl-version-min=tls1 %U<\/pre>\n
Save and close the editor and in the terminal enter command:<\/p>\n
~$ sudo gedit \/etc\/chromium-browser\/default<\/pre>\n
This will allow you to edit the configuration file for Chromium browser, find the line that look something like:<\/p>\n
CHROMIUM_FLAGS=\"\"<\/pre>\n
and modify it with:<\/p>\n
CHROMIUM_FLAGS=\"--ssl-version-min=tls1\"<\/pre>\n
Save and close the browser for the settings to take effect. You might have to sign in again if you have your browser synced.<\/p>\n
Disabling SSLv3 in Mozilla Firefox<\/strong><\/em><\/p>\n
If you use Mozilla also, as I do, then open your Firefox browser and type in the address bar:<\/p>\n
about:config<\/pre>\n
This will prompt a warning to be careful, press OK.<\/p>\n
\"Firefox<\/p>\n
In the search bar type in:<\/p>\n
security.tls.version.min<\/pre>\n
From all the\u00a0\u00a0options that show up use\u00a0the one that actually says security.tls.version.min, double click in the value column which will prompt you a text field, if the value is not 1 then change this value to 1.<\/p>\n
Also you can install the Mozilla extension to disable this by default, found it here<\/a>.<\/p>\n
With this done, you should be able to log in to your email accounts, use your Facebook and any other service that requires SSL encryption. The only thing this does is to use TLS1, TLS2 and TLS3 as the main options for secure communication and avoid using the compromised SSL version 3 service.<\/p>\n
For more information about the Poodle thread follow this link<\/a> or read this PDF<\/a> file. If you need to information in how to accomplish this in other browsers and operating systems, you can visit this pages:<\/p>\n
    \n
  1. https:\/\/disablessl3.com\/<\/a><\/li>\n
  2. Ask Ubuntu thread – really good<\/a><\/li>\n<\/ol>\n
    I hope this help you guys… Happy Coding and Happy Developing!<\/p>\n","protected":false},"excerpt":{"rendered":"
    With the latest news about the new SSL vulnerability, after the not so long ago HEARTBLEED vulnerability, now we are been threatened by a POODLE. Because of this, browsers are blocking the use of SSLv3 causing some HTTPS websites to stop responding, in my case either in Chromium and Firefox. I noticed that any other […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[13],"tags":[193,33,194,195,98,196],"class_list":["post-2095","post","type-post","status-publish","format-standard","hentry","category-tips","tag-chromium","tag-firefox","tag-openssl","tag-ssl","tag-ubuntu","tag-vulnerability"],"acf":[],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/designersgate.com\/blog\/wp-json\/wp\/v2\/posts\/2095","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/designersgate.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/designersgate.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/designersgate.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/designersgate.com\/blog\/wp-json\/wp\/v2\/comments?post=2095"}],"version-history":[{"count":0,"href":"https:\/\/designersgate.com\/blog\/wp-json\/wp\/v2\/posts\/2095\/revisions"}],"wp:attachment":[{"href":"https:\/\/designersgate.com\/blog\/wp-json\/wp\/v2\/media?parent=2095"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/designersgate.com\/blog\/wp-json\/wp\/v2\/categories?post=2095"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/designersgate.com\/blog\/wp-json\/wp\/v2\/tags?post=2095"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}