Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-12-SP3:GA
MozillaFirefox.441
README.POODLE
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File README.POODLE of Package MozillaFirefox.441
As a reaction to the POODLE attack there are two changes in the code handling secure connections: 1. SSLv3 is disabled by default; this may be changed by setting security.tls.version.min to 0 in about:config 2. Downgrade from TLS stops at TLS 1.0 by default. Should a downgrade to SSLv3 be desired, SSLv3 has to be enabled as above *and* security.tls.version.fallback-limit has to be set to 0. This new preference is introduced for cases when SSLv3 is intentionally enabled but is not desired as a fallback for TLS. Note that these changes only affect profiles which are using default settings. If SSLv3 is already enabled (as in 1. above), only the TLS to SSL downgrade is prevented.
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor