Chrome and Chromium
From Chrome 39, fallback to SSLv3 is disabled by default. If you are using Chrome ≥ 40 you are safe, because Chrome/Chromium has disabled SSL 3.0 support completely.
Chrome and Chromium used to have a setting in preferences to let the user specify the preferred protocol, but people allegedly thought that SSL 3.0 was a higher version than TLS 1.0 and would mistakenly disable the latter (source: ImperialViolet).
So, until a Google Chrome or Chromium browser with SSLv3 disabled by default is announced, it is necessary to run Chrome/Chromium with a command line flag:
--ssl-version-min=tls1
If you want, you can modify the shortcut to make it run with the correct flag.
Windows
- Right click on the Google Chrome / Chromium shortcut on the Desktop, and click Properties.
- In Target, after the last character (a quote), add a space and then --ssl-version-min=tls1
- Click OK, and confirm if it asks for administrator privileges.
Please note that this protects normal browser sessions initiated by clicking on the shortcut on the desktop, but not sessions started by clicking a link in a document or in an email from an external program. To protect every session, you have to set the ChromeHTML/shell/open/command registry value in HKEY_CLASSES_ROOT to
"C:\Program Files\Google\Chrome\Application\chrome.exe" --ssl-version-min=tls1 -- "%1"
(make sure the path to chrome.exe is correct for your system). — thanks to Dr. Thomas Kunst
Linux / Unix
The process for changing the symbolic links on your desktop and in the application menu varies between different desktop environments.
For instance, in Ubuntu, you have to edit the /usr/share/applications/google-chrome.desktop file, and edit all lines starting with Exec= to include --ssl-version-min=tls1.
As an example,
Exec=/usr/bin/google-chrome-stable %U
becomes
Exec=/usr/bin/google-chrome-stable --ssl-version-min=tls1 %U
Then save the file and restart the browser. — thanks to gertvdijk on AskUbuntu
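The Exec= edit described above can be scripted so that it is repeatable and safe to re-run; the following shell script is an added example, not part of the original page. The function names count_unflagged and add_tls_flag are hypothetical, the launcher content is constructed sample data, and the script assumes the binary path after Exec= contains no spaces.

```shell
#!/bin/sh
# Added example (not from the original page): add the flag to every Exec= line
# of a .desktop launcher, skipping lines that already carry it.
FLAG='--ssl-version-min=tls1'

# Print the number of Exec= lines in FILE that lack the flag.
count_unflagged() {
    awk -v flag="$FLAG" '
        /^Exec=/ {
            found = 0
            for (i = 2; i <= NF; i++) if ($i == flag) found = 1
            if (!found) n++
        }
        END { print n + 0 }' "$1"
}

# Rewrite FILE in place (original kept as FILE.bak). The flag goes right
# after the binary path. Assumption: that path contains no spaces.
add_tls_flag() {
    file=$1
    [ -f "$file" ] || { echo "no such file: $file" >&2; return 1; }
    cp -p "$file" "$file.bak" || return 1
    awk -v flag="$FLAG" '
        /^Exec=/ {
            found = 0
            for (i = 2; i <= NF; i++) if ($i == flag) found = 1
            if (!found) sub(/^Exec=[^ \t]+/, "& " flag)
        }
        { print }' "$file.bak" > "$file"
}

# Demo on a constructed launcher file (sample data, not a real system file).
demo=$(mktemp)
cat > "$demo" <<'EOF'
[Desktop Entry]
Name=Google Chrome
Exec=/usr/bin/google-chrome-stable %U
[Desktop Action new-private-window]
Exec=/usr/bin/google-chrome-stable --incognito
EOF
echo "before: $(count_unflagged "$demo") unflagged Exec= line(s)"
add_tls_flag "$demo"
grep '^Exec=' "$demo"
echo "after: $(count_unflagged "$demo") unflagged Exec= line(s)"
rm -f "$demo" "$demo.bak"
```

To apply it to the real launcher, call add_tls_flag /usr/share/applications/google-chrome.desktop as root; the original file is kept beside it with a .bak suffix.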
Chromium only: on the stable releases of Debian and Ubuntu, edit /etc/chromium-browser/default and add:
CHROMIUM_FLAGS="--ssl-version-min=tls1"
On the unstable release of Debian, create /etc/chromium.d/disable-sslv3 with content:
CHROMIUM_FLAGS="${CHROMIUM_FLAGS} --ssl-version-min=tls1"
— thanks to David McBride
Mac OS X
Open AppleScript Editor (in /Applications/Utilities/), and type this in:
do shell script "open '/Applications/Google Chrome.app' --args --ssl-version-min=tls1"
Save it as an Application, and add that application to the Dock.