Slashdot Mirror

← Back to Stories (view on slashdot.org)

Google To Disable Fallback To SSL 3.0 In Chrome 39 and Remove In Chrome 40

Posted by samzenpus on from the get-it-out dept.

An anonymous reader writes Google today announced plans to disable fallback to version 3 of the SSL protocol in Chrome 39, and remove SSL 3.0 completely in Chrome 40. The decision follows the company's disclosure of a serious security vulnerability in SSL 3.0 on October 14, the attack for which it dubbed Padding Oracle On Downgraded Legacy Encryption (POODLE). Following Mozilla's decision on the same day to disable SSL 3.0 by default in Firefox 34, which will be released on November 25, Google has laid out its plans for Chrome. This was expected, given that Google Security Team's Bodo Möller stated at the time: "In the coming months, we hope to remove support for SSL 3.0 completely from our client products."

1 of 70 comments (clear)

  1. Re:If lack of security updates didn't kill IE 6... by sexconker · · Score: 3, Informative

    Tools
    Internet Options
    Advanced
    Security
    Use TLS 1.0
    OK