Overview

File README.POODLE of Package MozillaFirefox

As a reaction to the POODLE attack there are two changes in the
code handling secure connections:

1. SSLv3 is disabled by default; this may be changed by setting
security.tls.version.min to 0 in about:config

2. Downgrade from TLS stops at TLS 1.0 by default. Should a
downgrade to SSLv3 be desired, SSLv3 has to be enabled as above *and*
security.tls.version.fallback-limit has to be set to 0. This new
preference is introduced for cases when SSLv3 is intentionally
enabled but is not desired as a fallback for TLS.

Note that these changes only affect profiles which are using
default settings. If SSLv3 is already enabled (as in 1. above),
only the TLS to SSL downgrade is prevented.
openSUSE Build Service is sponsored by
Places