[ubuntu-hardened] The POODLE vulnerability.
Daniel Curtis
sidetripping at gmail.com
Wed Oct 22 19:21:41 UTC 2014
Hi Joerg,
Yes, we should remember, that it is possible to protect,
as a user, from *POODLE* vulnerability and the best way
to do this is to disable SSLv3 in user browser. This means,
that even if the server does offer SSLv3, user browser will
ignore it -- so will never use it. And that's great news.
If it's about Firefox: user can use/type 'about:config' (in
address bar etc.) and search for 'security.tls.version.min'.
It needs to be changed from '0' to '1'. Now, Firefox will be
force to use TLSv1.0, which is not vulnerable to *POODLE*.
To check if browser is vulnerable, we can check *https://zmap.io/sslv3/
<https://zmap.io/sslv3/>*
website. If SSLv3 will be still enabled in browser, user will
see the warning message.
Best regards.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.ubuntu.com/archives/ubuntu-hardened/attachments/20141022/aca6421e/attachment.html>
More information about the ubuntu-hardened
mailing list