
Disable Obsolete SSL for Secure Browsing

These instructions explain how to disable obsolete versions of SSL to maintain a higher level of browsing security online.

Contents
  1. Introduction
  2. Steps for Microsoft Internet Explorer
  3. Steps for Mozilla Firefox
  4. Notes Regarding Google Chrome
  5. Testing for the POODLE Vulnerability
Introduction
With SSLv3 and older versions considered obsolete and insecure, and with the announcement of the POODLE SSL vulnerability, it is more important than ever to ensure your browser is configured for maximum security. Current best practices recommend disabling all versions of SSL for secure connections and allowing only TLS protocols.
Steps for Microsoft Internet Explorer
Written for IE 11, but similar to other IE versions
  1. Open your Internet Explorer web browser.  Click on the tools icon (looks like a gear) on the menu bar.  Scroll down to the bottom of the tools menu and click the item titled “Internet options”.
    Step 1: Open IE Internet Options on the Tools menu
  2. You should now see the Internet Options menu.  There are 7 tabs on this menu: General, Security, Privacy, Content, Connections, Programs, and Advanced. Click on the “Advanced” tab to display the Advanced options list.
    Step 2: Select the Advanced tab in IE Internet Options
  3. Scroll to the bottom of the Advanced options list.  The 8th option from the bottom is “Use SSL 2.0”, followed by options for SSL 3.0, TLS 1.0, TLS 1.1 and TLS 1.2.  To keep your browser from using obsolete protocols, uncheck both Use SSL 2.0 and Use SSL 3.0.  To support all of the protocols currently considered safe, make sure all 3 Use TLS boxes are checked.  Click the “Apply” and “OK” buttons to return to your browser window.
    Step 3: Uncheck SSL and check TLS protocols in IE Advanced Internet Options
Steps for Mozilla Firefox
Firefox 30 and other contemporary versions
  1. Open your Firefox web browser.  Click in the address bar, type about:config and press enter.  Click the button stating “I’ll be careful, I promise!”. (As it mentions, follow the steps beyond this point carefully!)
    Step 1: Open Firefox and browse to the about:config page
  2. In the search box, type security.tls and wait for the list to be filtered, or press enter.
    Step 2: Search Firefox config options for security.tls
  3. Double-click security.tls.version.min (make sure you are not clicking on security.tls.version.max!).  In the entry box that opens titled “Enter integer value”, type a 1, then click “OK”.
    Step 3: Set Firefox minimum SSL version to TLS 1.0
Note: Mozilla has developed a plugin to allow SSLv3 to stay enabled and still minimize the impact of POODLE.  See the Mozilla Security Blog (“Additional Precautions” section) for more details.
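The about:config change above can be confirmed from the profile's prefs.js file, where Firefox records changed preferences. The script below is an added example, not part of the original instructions; the function name audit_tls_prefs and the sample file contents are constructed for illustration.

```python
import re

# Firefox's value codes for security.tls.version.min and .max
VERSIONS = {0: "SSL 3.0", 1: "TLS 1.0", 2: "TLS 1.1", 3: "TLS 1.2"}

# Matches active lines such as: user_pref("security.tls.version.min", 1);
# A line commented out with // does not match, because of the ^ anchor.
PREF_RE = re.compile(
    r'^\s*user_pref\(\s*"security\.tls\.version\.(min|max)"\s*,\s*(-?\d+)\s*\)\s*;',
    re.MULTILINE)

def audit_tls_prefs(prefs_text):
    """Return (status, message); status is "ok", "fail" or "unknown"."""
    found = {}
    for which, value in PREF_RE.findall(prefs_text):
        found[which] = int(value)          # a later line overrides an earlier one
    vmin, vmax = found.get("min"), found.get("max")
    if vmin is None:
        # prefs.js normally lists only changed prefs, so a missing entry
        # means the minimum was never edited in this profile.
        msg = "security.tls.version.min is not set; the browser default applies"
        if vmax is not None:
            msg += " (security.tls.version.max was changed to %d instead)" % vmax
        return "unknown", msg
    if vmin < 1:
        return "fail", "SSL 3.0 is still allowed (min = %d)" % vmin
    if vmax is not None and vmax < vmin:
        return "fail", "max (%d) is lower than min (%d)" % (vmax, vmin)
    return "ok", "lowest protocol offered: " + VERSIONS.get(vmin, "code %d" % vmin)

# Constructed sample: prefs.js contents after following the steps above
SAMPLE_FIXED = '''// Mozilla User Preferences
user_pref("browser.startup.page", 3);
user_pref("security.tls.version.min", 1);
'''
# Constructed sample: the wrong row (max) was edited, which step 3 warns about
SAMPLE_WRONG_ROW = 'user_pref("security.tls.version.max", 1);\n'

if __name__ == "__main__":
    for text in (SAMPLE_FIXED, SAMPLE_WRONG_ROW):
        print(audit_tls_prefs(text))
```

An "unknown" result means the profile relies on the browser's built-in minimum, so the setting should be checked in about:config directly.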
Previous versions of Firefox
  1. Open your Firefox web browser.  Click on the Tools menu on the menu bar.  Scroll down to the bottom of the Tools menu and click the item titled “Options...”
    Step 1: Open Firefox Options on the Tools menu
  2. The Options menu should now be open.  From the top tabs, click the “Advanced” tab to display the advanced options menu.
    Step 2: Select the Advanced tab in Firefox Options
  3. On the Advanced menu select the “Encryption” tab.  Uncheck the box that states “Use SSL 3.0” to disable SSL 3.0.  Ensure the “Use TLS 1.0” option is checked.  Click the “OK” button to return to your browser window.
    Step 3: Uncheck SSL 3.0 and check TLS 1.0 in Firefox Encryption options
Notes Regarding Google Chrome
At the time of writing, Google Chrome allows SSLv3 as a secure connection protocol, and does not offer an option to disable it. Google has stated support for SSLv3 will be removed “[i]n the coming months”.
Testing for the POODLE Vulnerability

Several websites offer tools for testing the SSL/TLS capabilities of your browser. One such page is Qualys SSL Labs’ SSL/TLS test. This test will check what versions of SSL and TLS your browser supports and will warn you if SSLv3 is still enabled.

  • Publisher: Precision Roller