Good guys at Google are back at it. They’ve identified a flaw in the design of SSL v3 and its dubbed the Poodle. Now, we’re not the ones to take security threats lightly (even if it’s from a Poodle) so we’re going ahead and disabling SSL v3 support on all our offerings in a phased manner to ensure your site is secured. The good news is that most of you folks should not experience any issues due to these changes. Cloudflare estimates this change will affect less than 1% of the internet since the SSL 3.0 protocol is over 15 years old. It has continued to exist to support users running older browsers.
If you’re among the few folks running outdated browsers just download the latest version of Google Chrome or Mozilla Firefox. These browsers offer a more secure protocol than SSL known as TLS. Moreover, they push updates automatically as soon as a newer version is out so that you’re always secured. However, Chrome and Firefox users will still need to disable SSL v3. Here’s how you do it for Chrome and for Firefox, just follow these 3 quick steps:
- Type “about:config” in the address bar
- Search for “tls.version.min” in the search bar above
- Set the value to 1.
And that’s it. Firefox has intimated that they plan on disabling SSL v3 in their next update on November 25th. If you are a Firefox user, we recommend downloading this plugin that allows you to set the minimum SSL version that Firefox will accept. If you’re using Internet Explorer 11, you can turn off SSL v3 support by following the below steps:
- Go to Settings
- Click on Internet Options
- Go to Advanced Tab
- Uncheck SSL v3 under Security
For more scoop on this bug, take a look at the Google Online Security blog. If you need any more information on this please feel free to get in touch with our support team.