Disable SSL 3.0 in Browsers

If you would like to prevent possible exploitation from POODLE, you can disable the use of SSLv3 within your web browser. We have provided instructions for the main browsers below.

Google Chrome

Chrome does not have a setting configurable in the user interface to turn off SSLv3. Instead, Chrome needs to be told not to use SSLv3 at launch. To automatically launch Chrome with SSLv3 disabled, follow the instructions for your operating system.

  • Be Advised! This only protects you if you open Google Chrome from the shortcut on the desktop.

    1. Right click the Google Chrome shortcut on the desktop
      Disable SSL 3.0 in Browsers
    2. Click Properties from the drop-down menu
    3. You will see the properties menu for the shortcut to Google Chrome
      Disable SSL 3.0 in Browsers
    4. Click inside the "Target" box and scroll all the way to the right (past the quote ("))
    5. Enter a space, then enter --ssl-version-min=tls1 So it looks like what is shown in the image below
      Disable SSL 3.0 in Browsers
    6. Click "OK" on the properties menu
    7. When asked for administrator permissions, click "Continue"
      Disable SSL 3.0 in Browsers
  • Thanks to Jorja Hung on GitHub.

    Be Advised! This only protects you if you open Google Chrome from the Application that you create in Automator.

    1. Open Automator from Applications
      Disable SSL 3.0 in Browsers
    2. Double-click "Workflow"
    3. Under Library, click Utilities
      Disable SSL 3.0 in Browsers
    4. Double-clide "Run Shell Script"
      Disable SSL 3.0 in Browsers
    5. Replace cat with open -a "Google Chrome.app" --args --ssl-version-min=tls1
      Disable SSL 3.0 in Browsers
    6. In the toolbar at the top of the screen, click "File" and then "Save"
    7. In the "Save As" box, type Chrome-POODLE-Proof.app
    8. In the "File Format" drop-down box, select "Application"
      Disable SSL 3.0 in Browsers
    9. Click "Save"

Depending on how you open Google Chrome, you may have to open it in a different way. If you open it through Spotlight, just type Chrome-POODLE-Proof instead of Google Chrome If you open it by clicking on it in the Dock, open Finder, and click Applications. Drag-and-drop the Chrome-POODLE-Proof.app to the Dock. When you want to open Chrome, click the icon that looks like a robot holding a pipe instead of the normal Google Chrome icon.

Internet Explorer

To disable SSLv3 in Internet Explorer on Windows Vista and newer, uncheck the "Use SSL 3.0" box on the "Advanced" tab in the Internet Options program.

  1. Launch "Internet Options" from the Start Menu
  2. Click the "Advanced" tab
  3. Uncheck "Use SSL 3.0"
    Disable SSL 3.0 in Browsers
  4. Click "OK"

Safari

Apple has released Security Update 2014-005, which disables CBC-mode ciphers in coordination with SSLv3. The patch is available for Mac OS Mavericks, Mountain Lion, and Yosemite.

Thanks to MSU and others for putting these instructions together.