Disabling browser support for SSL 3.0 is not required, but can be a proactive way to combat the “POODLE” vulnerability. Therefore, DigiCert is not responsible for any complications or problems if you decide to use any of these instructions to disable the SSL v3 protocol support in your browser(s).
Note that disabling browser support for the SSL 3.0 protocol may stop you from connecting to sites that don’t support the TLS protocols.
How to Disable Browser Support for the SSL 3.0 Protocol
Depending on how your browser is configured, you may want to disable SSL v3 and enable TLS 1.0, TLS 1.1, and TLS 1.2 (if these protocols are not enabled by default). Note that older versions of Internet Explorer may not have the TLS 1.1 and 1.2 protocols.
-
Internet Explorer
-
Mozilla Firefox
-
Google Chrome
Internet Explorer: How to Disable the SSL 3.0 Protocol
Although these instructions and screenshots are for Internet Explorer (IE) 10, they will work for other versions of IE.
-
Open IE.
-
In IE, click the Tools symbol (gear) and then, click Internet Options.
-
In the Internet Options window on the Advanced tab, under Settings, scroll down to the Security section.
-
In the Security section, locate the Use SSL and Use TLS options and uncheck Use SSL 3.0 and Use SSL 2.0.
-
If they are not already selected, check Use TLS 1.0, Use TLS 1.1, and Use TLS 1.2.
Note: If not all the TLS options are available, just check the ones that are. For example, in IE6, the Use TLS 1.0 may be the only available TLS option.
-
Next, click Apply and then, click OK.
You have successfully disabled the SSL 3.0 protocol in your IE browser.
Mozilla Firefox: How to Disable the SSL 3.0 Protocol
Firefox is currently working on a new version of the Firefox browser in which the SSL 3.0 protocol support has been removed. If you don’t want to wait for that version to come out, you can use these instructions to turn off the SSL 3.0 support, until the next version of Firefox is released.
Although these instructions and screenshots are for Mozilla Firefox 31, they will work for other versions of Firefox.
-
Open Firefox.
-
In the Location Bar, enter about:config and click the Go to the address in the Location Bar symbol (arrow).
-
When you receive the “This might void your warranty” message, click I’ll be careful, I promise!.
-
On the about:config page, in the Search box, enter tls and wait for the list to populate.
-
Next, in the list, double-click security.tls.version.min.
-
In the Enter integer value window, in the security.tls.version.min box, type 1 to make TLS 1.0 the minimum required protocol version, and then click OK.
-
You have successfully disabled the SSL 3.0 protocol in your Firefox browser.
Google Chrome: How to Disable the SSL 3.0 Protocol
Google is currently testing a new version of Chrome in which the SSL 3.0 protocol support has been removed. If you don’t want to wait for that version to come out, you can use these instructions to create a shortcut that allows you to open chrome with the SSL 3.0 support turned off, until the next version of Chrome is released.
Although these instructions and screenshots are for Google Chrome 38, they will work for other versions of Chrome.
-
Locate the Google Chrome shortcut; typically, this shortcut is on your desktop.
If you don't have a Google Chrome shortcut, create one.
-
Open the folder in which the Google Chrome application is located.
For example: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
-
In the Google Chrome folder, right-click on the Google Chrome shortcut and then, click Create shortcut.
-
In the Shortcut window, click Yes to create a shortcut on your desktop.
-
-
Right-click on the Google Chrome shortcut and then, click Properties.
-
In the Google Chrome Properties window on the Shortcut tab, in the Target field, add the following line to the existing Target:
Add: --ssl-version-min=tls1
To: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"
Make sure that you add a space between chrome.exe” and --ssl-version-min=tls1
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --ssl-version-min=tls1 -
Next, click Apply and then, click OK.
-
From now on (until Google releases the version of Chrome in which support fore the SSL 3.0 protocol is removed), to open Google Chrome, you must use this shortcut.
Whenever you use this shortcut to open Google Chrome, this instance of the Google Chrome browser will not support the SSL 3.0 protocol.
-
You have successfully disabled the SSL 3.0 protocol in your Chrome browser.
For instructions about disabling the SSL v3 protocol on your Windows server, see Microsoft IIS: Disabling the SSL v3 Protocol.