Disable SSL 3.0 to be immune from the POODLE attack. CCS And CD.

Regarding the solution at the post linked below, it says it is for 64-bit operating systems. What about 32-bit operating systems?


Disable for both versions.
Do you guys still use RC4, by the way?

SSL3.0 and RC4 need to go.

SSL 3 is, at long last, disabled in Dragon 42, as it is in Chromium 40+.

RC4 can be disabled with --cipher-suite-blacklist=0x0004,0x0005,0xc007,0xc011

Starting with Chromium 43, RC4 will not be included in the first ClientHello sent to the server. RC4 is still supported, but will only be used if the server does not support anything better.
Move RC4 behind a fallback.
That is also what Firefox 36+ and IE on Windows 8.1+ do. An attacker can still force those browsers to use RC4.

Deprecating Secure Sockets Layer Version 3.0
Prohibiting RC4 Cipher Suites

Thank you. Reported from many users trying to access their banks, they can’t connect without enabling RC4(Palemoon keeps it off as default but still embedded for use when necessary, this being the unfortunate occasion).

Hi cloudsandskye,
Thanks for pointing this out, I have now added information regarding 32-bit operating systems.

Kind regards.

Chromodo is still experiencing a security vulnerability. See attached screenshot (adjust to 100%).

[attachment deleted by admin]

That is why captainsticks posted this instruction. :wink:

I guess my previous post should have been more clear. After making the suggested changes by captainsticks, Chromodo is still experiencing a security vulnerability (see attached screenshot).

[attachment deleted by admin]

Hi cloudsandskye,
Maybe an obvious question, but are you certain the shortcut with the modified target field is being used to open Chromodo?

Try clearing your browsing data and reloading the test page.

Kind regards.

[attachment deleted by admin]

–ssl-version-min=tls1 should appear on about://version/

If it doesn’t, something was done incorrectly.

I cleared the browsing data and reloaded the test page, but the security vulnerability persists. Attached are screenshots. My operating system is Windows XP Pro SP3 32-bit.

[attachment deleted by admin]

Hi cloudsandskye,
I am not sure why this is happening to you, unless it is an XP quirk which I can’t test at the moment sorry.

After adding the switch are you sure all of Chromodo’s processes have been closed before re-opening the browser?

Is anyone else experiencing this issue of the switch not activating using XP?


I turn my computer completely off every night and reboot every morning. This morning was the first reboot since making the changes yesterday and the security vulnerability shown in the screenshot yesterday is still there.

I tried on Win XP on my netbook. When I add the --ssl-version-min=tls1 parameter as described to Dragon and Chromodo I get the warning that both browsers are vulnerable for Poodle attack.

Out of curiosity I installed Chrome 42 and added the --ssl-version-min=tls1 parameter. Chrome is not vulnerable for Poodle attack.

Hi Eric,
Thanks for checking this, what service pack is your XP using?
Service pack 3 is required to continue using Internet Explorer with SSL 3 disabled, I suspect it maybe required using other browsers as well.

AFAIK SSL 3.0 support was completely removed from Chrome since version 40 and above.



I’ve also enable QUIC
QUIC Wikipedia
QUIC: next generation multiplexed transport over UDP - YouTube

[enable] Go to → chrome://flags/#enable-quic → Enabled

It’s SP3.

Thanks for your help Eric, it looks like the switch may not work on any XP system. :frowning:
I have made note of it here.


I have a new computer with Windows 7, but having the same security problems I had with Windows XP. It turns out the problem was not the operating system, but that I use the internet through a limited/standard account. I am currently using Comodo Dragon 36 and Ice Dragon 26. When I make the security changes in the administrator account and check them at https://www.ssllabs.com, both look fine, but checking them again in the standard account, the POODLE warning shows up for both. The security change for Dragon flows through from the administrator account into the standard account, and can be seen in the Target field, but it has no effect. For Ice Dragon, the security change does not flow through, so it has to be changed in each account. Checking back on my old XP computer, Chromodo 42 shows no POODLE warning in either account.

The problem here may be using XP: