How to disable SSLv3

One-stop resource on how to effectively disable SSLv3 in major web browsers as well as in web, mail and other servers that may still be using it.

Why

SSL, and its successor TLS, are cryptographic protocols designed to provide communication security over the Internet. In the web realm, they are providing HTTPS, but they are also used for other application protocols. SSLv1 was never publicly released, and SSLv2 was quickly found to be insecure. SSLv3 was created, and, together with the newer TLSv1/1.1/1.2, it is still currently being used to secure the transport layer of the Internet.

As it happened for SSLv2, recently Google engineers pointed out that SSLv3 is broken (with an exploitation technique known as POODLE) and should not be used any longer. There is a patch, but it does not mitigate the issue completely as it will work only if both sides of the connection have been patched. SSLv3 is nearly 18 years old, but support for it remains widespread. Clients and servers should disable SSLv3 as soon as possible. While there is a tiny fraction of Internet users that run very outdated systems that do not support TLS at all, clients that won't be able to connect to your website or service are limited: CloudFlare announced on October 14th 2014 that less than 0.09% of their visitors still rely on SSLv3.

FAQ

Why do I have to disable SSLv3 on servers?

If you are a server administrator, you really should disable SSLv3 now for the security of your users. By doing this, clients will no longer be able to use the insecure SSLv3 protocol to connect to you, and will have to use a newer, more secure alternative.

Why do I have to disable SSLv3 on clients?

As a user, you should disable SSLv3 in your browser now to secure yourself when visiting websites that still support SSLv3. By doing this, you will be sure your client won't attempt to establish a connection with SSLv3 and will use a more secure alternative.

Is POODLE an implementation vulnerability such as the OpenSSL Heartbleed bug?

No, POODLE is a protocol vulnerability. This means this is inherent in the inner workings of SSLv3, and you can't really patch it.

I am a server administrator. Do I need to revoke certificates after POODLE?

No, you don't need to issue a new certificate. The POODLE attack is not a memory leak, it is a plaintext recovery attack that focuses on HTTP headers and exploits a weakness in the SSLv3 protocol when used with block ciphers.

But I heard there was a patch...

A possible mitigation, to be implemented on both the server and the client, is to add support for the TLS Fallback Signaling Cipher Suite Value (TLS_FALLBACK_SCSV). This new feature prevents protocol downgrade attacks when certain applications such as web browsers attempt to reconnect using a lower protocol version. It also prevents downgrades from TLS 1.2 to 1.1 or 1.0 and so may help prevent future attacks. You will get this patch in your regular software updates, but it is not enough, since it will work only if both sides of the connection have been patched.

About clients, is there any software other than web browsers vulnerable to POODLE?

Maybe. The attack scenario requires the attacker to be able to inject data of their own, and to intercept the encrypted bytes. The most natural context where such a thing happens is a web browser, but we can't exclude other clients could be vulnerable to a POODLE-like technique.

I would like to get more technical details about POODLE.

Please see the security advisory by Google and this answer on StackExchange.

I would like to report an error in your page or add instructions for new widely used software!

Great, please leave a comment in the comment section at the bottom of the page.

How to test SSLv3 support

Test if your server supports SSLv3

You can check your enabled SSL/TLS protocol versions.

If your server is exposed to the Internet, and you don't mind sharing the hostname with a third party service, you can use web tools such as Tinfoil.

If, on the other hand, you want to check this manually, you can use openssl on any Unix machine:

openssl s_client -connect <host>:<port> -ssl3
A host that has SSLv3 disabled will return an error with handshake failure in it.

Credits

This page was compiled by Michele Spagnuolo.