
POODLE Effect – Mozilla Disables Encryption in next Firefox Version

October 20, 2014 | By Editor 

Summary

Mozilla has announced that it will disable Secure Sockets Layer (SSL) 3.0 encryption by default in the next version of its popular Firefox Web browser. The new version is set to be released on November 25 this year.

The announcement comes in the wake of a new security flaw called "POODLE" that was recently detected in the SSL 3.0 Web encryption protocol.

POODLE Effect

Mozilla to Disable SSL 3.0

The POODLE flaw allows hackers to gain entry into users' private mail accounts and steal user names, passwords and cookies, Mozilla said in its blog. Mozilla will disable SSL 3.0 by default in the upcoming Firefox 34.

The code to turn off SSL 3.0 will first be made available in Nightly, the nightly build channel of Mozilla's browser development version. In a few weeks' time, it will also make its way to the Aurora and Beta channels.

It may come as a bit of a surprise that Mozilla is taking time to safeguard its users from the POODLE bug. The reason is simple.

The firm wants to give site admins sufficient time to upgrade to a more secure protocol such as TLS to protect important encrypted connections. This is a precautionary measure. Mozilla said that Firefox 34 will support a generic TLS downgrade protection mechanism called Signaling Cipher Suite Value (SCSV).

Disabling SSL 3.0 will provide additional security to Firefox 34.

Web servers that support the downgrade security mechanism can prevent future attacks that depend on insecure fallback.

Insecure fallback, which POODLE leverages, causes connections to websites that already support stronger security protocols to drop back to communicating via the less secure SSL 3.0.

Mozilla is not worried about the impact that disabling SSL 3.0 would bring, since only a small fraction of the leading domains ranked by Alexa depend on the less secure protocol. Only 0.3 percent of HTTPS connections use SSL 3.0, according to a survey conducted by Mozilla.

The POODLE flaw, short for Padding Oracle On Downgraded Legacy Encryption, was disclosed by Google two weeks ago. The bug allows cyber criminals to siphon data from inside an encrypted transaction.

Mozilla recommends that its users turn on the Firefox automatic update feature so that they can upgrade to Firefox 34 when it is released.

Meanwhile, the company has developed SSL Version Control, an extension that users can use to disable SSL 3.0.
