After the Heartbleed incident, online users must brace themselves for another secure connection snag. This time, it’s POODLE.
Formally known as “Padding Oracle on Downgraded Legacy Encryption”, POODLE exploits a browser’s SSL 3.0 connection to allow hackers to extract personal and private data from users. This may include your bank account and credit card details from various sites with secure online connections.
Fortunately, Google is currently working to resolve this issue by completely removing support for SSL 3.0.
For the time being, users can opt to disable support for SSL 3.0 in various browsers including Chrome.
How to disable SSL 3.0 support in Chrome
If you wish to prevent your Chrome browser from reverting back to SSL 3.0 instead of using a more advanced and secure TLS connection, here’s what you need to do:
- Right-click on your Chrome web browser’s desktop shortcut
- After which, go to “Properties” then select the tab for “Shortcut”.
- In the shortcut tab, find the “Target” field then add “–ssl-version-min=tls1” at the end of the target location (see image below).
- Do not forget to click “OK” as soon as you’re done.
- Just remember that this method will only work if you are launching Chrome from its desktop shortcut.
- By disabling SSL 3.0 in Chrome, you can configure your browser to enforce the use of higher and more advanced secure connection protocols such as TLS 1.0 or higher.
For more information regarding POODLE, you can read this post from Google’s online security blog.
Additional Tip
On the other hand, if you wish to know if a particular website is using SSL 3.0, you can perform an SSL Server Test using this simple web tool from Qualys SSL Labs. Just paste the full address or URL of the site that you want to test then click “Submit”.
So that’s it. You’re done.