Thread: poodle - Padding Oracle On Downgraded Legacy Encryption SSL vulnerability
View Single Post
Old 12-02-2014, 06:32 AM   #33
bookmarked
Addict
bookmarked ought to be getting tired of karma fortunes by now.bookmarked ought to be getting tired of karma fortunes by now.bookmarked ought to be getting tired of karma fortunes by now.bookmarked ought to be getting tired of karma fortunes by now.bookmarked ought to be getting tired of karma fortunes by now.bookmarked ought to be getting tired of karma fortunes by now.bookmarked ought to be getting tired of karma fortunes by now.bookmarked ought to be getting tired of karma fortunes by now.bookmarked ought to be getting tired of karma fortunes by now.bookmarked ought to be getting tired of karma fortunes by now.bookmarked ought to be getting tired of karma fortunes by now.
 
Posts: 376
Karma: 6405689
Join Date: Nov 2012
Location: US
Device: Kindle 4 NT, Paperwhite
Firefox 34.0.5 has been released. This release changes the default value for security.tls.version.min from 0 to 1, which disables SSLv3 (the source of the poodle vulnerability).

If you've already changed this value to 1, you don't have to do anything - after upgrading, FF will still remember that you set the value to 1. If you want to change this setting from the manual setting (Status = user set ) of 1 to the new default value (Status = default) of 1 (still) after upgrading, you can right-click the setting in about:config and choose Reset.

Personally, I reset it to the new default value.
Code:
Preference Name           Status   Type    Value
security.tls.version.min  default  integer  1


This way I won't have to worry that Mozilla will one day need to change the default value to something else. AFIAK, changes to the default setting won't override a user modified value. Either way, if you have security.tls.version.min = 1, you're protected.
bookmarked is offline   Reply With Quote