浏览器的ssl安全漏洞

thanksgiving

浏览器最近的安全漏洞，大家可以通过如下网页查看自己的浏览器是否有危险：
https://www.poodletest.com/
如果显示vulnerable,建议按照如下办法修补漏洞，目前Google Chrome＆Firefox还没有出相应的patch：
https://zmap.io/sslv3/browsers.html
简单来说：

对于Firefox（SSLv3 will be disabled by default in Firefox 34, which will be released on Nov 25. ）：

you can set the value security.tls.version.min = 1 in the about:config dialog.
（在Firefox浏览器的地址栏输入，about:config，然后输入security.tls.version.min = 1）

对于Google Chrome

Windows

• Right click the Google Chrome shortcut on the desktop.
  
  
                                 
  登录/注册后可看大图
• Click Properties from the drop-down menu.
• You will see the properties menu for the shortcut to Google Chrome.
  
  
                                 
  登录/注册后可看大图
• Click inside the "Target" box and scroll all the way to the        right (past the quote (")).
• Enter --ssl-version-min=tls1
  
  
                                 
  登录/注册后可看大图
• Click "OK" on the properties menu.
• When asked for administrator permissions, click "Continue".
  
  
                                 
  登录/注册后可看大图
  
  

---

Ubuntu

Thanks to gertvdijk on AskUbuntu.

• Open /usr/share/applications/google-chrome.desktop in a text editor
• For any line that begins with "Exec", add the argument：--ssl-version-min=tls1
  
  • For instance the line Exec=/usr/bin/google-chrome-stable %U should become Exec=/usr/bin/google-chrome-stable --ssl-version-min=tls1
    
• Reboot
  

---

OS X

• Open Automator from Applications.
  
  
                                 
  登录/注册后可看大图
• Double-click "Workflow".
• Under Library, click Utilities.
  
  
                                 
  登录/注册后可看大图
• Double-clide "Run Shell Script".
  
  
                                 
  登录/注册后可看大图
• Replace cat with open -a "Google Chrome.app" --args --ssl-version-min=tls1.
  
  
                                 
  登录/注册后可看大图
• In the toolbar at the top of the screen, click "File" and then "Save".
• In the "Save As" box, type Chrome-POODLE-Proof.app
  .
• In the "File Format" drop-down box, select "Application".
  
  
                                 
  登录/注册后可看大图
• Click "Save".
  

Depending on how you open Google Chrome, you may have to open it in a different way. If you open it through Spotlight, just type Chrome-POODLE-Proof instead of Google Chrome If you open it by clicking on it in the Dock, open Finder, and click Applications. Drag-and-drop the Chrome-POODLE-Proof.app to the Dock. When you want to open Chrome, click the icon that looks like a robot holding a pipe instead of the normal Google Chrome icon.

---

Other Operating Systems

For any operating system, launching Chrome from the command-line with the extra flag --ssl-version-min=tls1 will disable SSLv3. Consult your documentation for more detail.

---

Internet Explorer

To disable SSLv3 in Internet Explorer on Windows Vista and newer, uncheck the "Use SSL 3.0" box on the "Advanced" tab in the Internet Options program.

• Launch "Internet Options" from the Start Menu
• Click the "Advanced" tab
• Uncheck "Use SSL 3.0"
  
  
                                 
  登录/注册后可看大图
• Click "OK"
  

---

Safari

We currently do not know of a fix for Safari.