Avatar for Username

Pesquisar no apoio

Evite burlas no apoio. Nunca iremos solicitar que telefone ou envie uma mensagem de texto para um número de telefone ou que partilhe informações pessoais. Por favor, reporte atividades suspeitas utilizando a opção "Reportar abuso".

Learn More

Esta discussão foi arquivada. Se precisar de ajuda, por favor, coloque uma nova questão.

security.tls.version.min = 1 but PoodleTest still failing?

  • 1 resposta
  • 1 tem este problema
  • 5 visualizações
  • Última resposta por ideato

humbug12
humbug12
more options

I'm concerned about the SSLV3 issue in Mozilla Firefox 33.1.1 on Windows 7 64-bit. After reading up some recent answers I thought setting the subject config parameter to 1 would mean I would then be protected using the test (I used the non-Javascript version) at https://www.poodletest.com/index2.html

However, after setting that parameter to 1 that page still shows the poodle. Even after restarting my browser, the poodle still shows. Excuse my naivete, but does that config change only protect me from a subset of SSLV3 issues or should it protect me from all currently known SSLV3 issues?

I'm concerned about the SSLV3 issue in Mozilla Firefox 33.1.1 on Windows 7 64-bit. After reading up some recent answers I thought setting the subject config parameter to 1 would mean I would then be protected using the test (I used the non-Javascript version) at https://www.poodletest.com/index2.html However, after setting that parameter to 1 that page still shows the poodle. Even after restarting my browser, the poodle still shows. Excuse my naivete, but does that config change only protect me from a subset of SSLV3 issues or should it protect me from all currently known SSLV3 issues?

Todas as respostas (1)

ideato
ideato
more options

Hello humbug12, totally protection is only in beta (34.0b11) because in beta 34 SSLv3 is disabled by default.

see the "Additional Precautions" in the next article : https://blog.mozilla.org/security/2014/10/14/the-poodle-attack-and-the-end-of-ssl-3-0/

note that 34 stable release in a week+ (1 or 2 December 2014) (with SSLv3 disable also:-))


thank you