My name is Philipp C. Heckel and I write about nerdy things.

Posts Tagged / POODLE


  • Oct 17 / 2014
  • Comments Off on Snippet 0x06: Disable SSLv3 in Firefox to protect against POODLE attack
Code Snippets, Security

Snippet 0x06: Disable SSLv3 in Firefox to protect against POODLE attack

The recent POODLE attack (Padding Oracle On Downgraded Legacy Encryption) exploits a vulnerability of an older version of SSL (SSLv3) by performing a padding oracle attack — and thereby allowing a man-in-the-middle scenario.

To be vulnerable, both client (browser) and server have to support SSLv3. If either one does not support or has disabled the protocol, this vulnerability cannot be exploited. This tiny article shows you how to disable SSLv3 in Firefox — thereby effectively making your browser POODLE-safe.

Continue Reading