Blog

The Digital Agency for International Development

Protect your computer from Poodle

By Adrian Silva on 15 October 2014

There is a new SSL vulnerability in the wild that affects the browser, not the server. Chrome & Firefox browsers are supposed to release fixes in the next few days so look out for updates.

There are some mitigations that can be applied server side but ultimately the fix is to disable SSLv3 on the browser. Disabling SSLv3 in browsers is easy. On Chrome, use the command-line flag --ssl-version-min=tls1, and on Firefox set security.tls.version.min to 1. There are virtually no servers out there who don't support TLSv1, so this shouldn't break anything.

You can read more here and here are the full technical details.

Poodle designed by Edward Boatman from the Noun Project