One-stop resource on how to effectively disable SSLv3 in major web browsers as well as in web, mail and other servers that may still be using it.
From Chrome 39, fallback to SSLv3 is disabled by default. If you are using Chrome ≥ 40 you are safe, because Chrome/Chromium has disabled SSL 3.0 support completely.
Chrome and Chromium used to have a setting in preferences to let the user specify the preferred protocol, but people allegedly thought that SSL 3.0 was a higher version than TLS 1.0 and would mistakenly disable the latter (source: ImperialViolet).
So, until a Google Chrome or Chromium browser with SSLv3 disabled by default is announced, it is necessary to run Chrome/Chromium with a command line flag:
--ssl-version-min=tls1
If you want, you can modify the shortcut to make it run with the correct flag, --ssl-version-min=tls1.
Please note that this protects normal browser sessions initiated by clicking on the shortcut on the desktop, but not sessions started by clicking a link in a document or in an email from an external program. To protect every session, you have to set the ChromeHTML/shell/open/command registry value in HKEY_CLASSES_ROOT to
"C:\Program Files\Google\Chrome\Application\chrome.exe" --ssl-version-min=tls1 -- "%1"
(make sure the path to chrome.exe is correct for your system). — thanks to Dr. Thomas Kunst
The process for changing the symbolic links on your desktop and in the application menu varies between different desktop environments.
For instance, in Ubuntu, you have to edit the /usr/share/applications/google-chrome.desktop file, and edit all lines starting with Exec= to include --ssl-version-min=tls1.
As an example,
Exec=/usr/bin/google-chrome-stable %U
becomes
Exec=/usr/bin/google-chrome-stable --ssl-version-min=tls1 %U
Then save the file and restart the browser. — thanks to gertvdijk on AskUbuntu
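The Exec= edit described above can be scripted so that it is repeatable and verifiable. This is an added example, not part of the original page; the function names are hypothetical and it assumes the program path on each Exec= line is unquoted and contains no spaces.

```shell
#!/bin/sh
# Added example (not from the original page): add --ssl-version-min=tls1 to
# every Exec= line of a .desktop launcher, leaving patched lines untouched.
FLAG='--ssl-version-min=tls1'

# Print FILE with the flag inserted right after the program path of each
# Exec= line that lacks it, so it precedes field codes such as %U.
# Assumption: the program path is unquoted and contains no spaces.
add_flag() {
    awk -v flag="$FLAG" '
        /^Exec=/ && index($0, flag) == 0 {
            n = match($0, /[ \t]/)
            if (n == 0) $0 = $0 " " flag
            else        $0 = substr($0, 1, n - 1) " " flag substr($0, n)
        }
        { print }' "$1"
}

# Print how many Exec= lines in FILE still lack the flag (0 = fully patched).
count_unpatched() {
    awk -v flag="$FLAG" '
        /^Exec=/ && index($0, flag) == 0 { n++ }
        END { print n + 0 }' "$1"
}

# Patch FILE in place; the previous content is saved as FILE.bak on change.
patch_desktop_file() {
    [ -f "$1" ] || { echo "no such file: $1" >&2; return 1; }
    tmp=$(mktemp) || return 1
    add_flag "$1" > "$tmp" || { rm -f "$tmp"; return 1; }
    if ! cmp -s "$1" "$tmp"; then
        cp -p "$1" "$1.bak" && cat "$tmp" > "$1"   # cat keeps mode and owner
    fi
    rm -f "$tmp"
    count_unpatched "$1"
}

# With no argument, run on a constructed sample launcher in a temp directory.
if [ $# -gt 0 ]; then
    patch_desktop_file "$1"
else
    d=$(mktemp -d) && printf '%s\n' '[Desktop Entry]' \
        'Exec=/usr/bin/google-chrome-stable %U' \
        'Exec=/usr/bin/google-chrome-stable --incognito' > "$d/sample.desktop" &&
    patch_desktop_file "$d/sample.desktop" && cat "$d/sample.desktop"
    rm -rf "$d"
fi
```

Run it as root with /usr/share/applications/google-chrome.desktop as the argument; the printed number is the count of Exec= lines still missing the flag. A package upgrade can replace that file, so re-run the script afterwards and confirm it prints 0.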
Chromium only: on the stable releases of Debian and Ubuntu, edit /etc/chromium-browser/default and add:
CHROMIUM_FLAGS="--ssl-version-min=tls1"
On the unstable release of Debian, create /etc/chromium.d/disable-sslv3 with content:
CHROMIUM_FLAGS="${CHROMIUM_FLAGS} --ssl-version-min=tls1"
— thanks to David McBride
Open AppleScript Editor (in /Applications/Utilities/), and type this in:
do shell script "open '/Applications/Google Chrome.app' --args --ssl-version-min=tls1"
Save it as an Application, and add that application to the Dock.