 

Chrome45 and Firefox - ERR_SSL_FALLBACK_BEYOND_MINIMUM_VERSION on most of the sites

I have started receiving this error when I visit most of the sites - Microsoft sites incl. MSDN knowledge base, Lynda.com etc.

SSL server probably obsolete. ERR_SSL_FALLBACK_BEYOND_MINIMUM_VERSION Unable to connect securely to the server. This website may have worked previously, but there is a problem with the server. Connecting to such sites weakens security for all users and thus has been disabled.

Is there any way I could override this? I am using Chrome 45.0.2454.85 m and Firefox v.40.0.3. Works fine on the fabled IE...sigh

Preetham asked Oct 20 '22 03:10

Preetham


1 Answer

Let's understand step by step

POODLE Attack :

A POODLE attack is an exploit that takes advantage of the way some browsers deal with encryption. POODLE (Padding Oracle On Downgraded Legacy Encryption) is the name of the vulnerability that enables the exploit.

SSL 3 is dead, killed by the POODLE attack:

https://community.qualys.com/blogs/securitylabs/2014/10/15/ssl-3-is-dead-killed-by-the-poodle-attack

https://www.us-cert.gov/ncas/alerts/TA14-290A

How to check for SSL POODLE / SSLv3 bug on WebLogic? How to fix

SSL and Weblogic - Remote PSAdmin

http://weblogic-wonders.com/weblogic/2014/10/16/check-ssl-poodle-sslv3-bug-weblogic-fix/

http://remotepsadmins.com/2015/01/24/ssl-weblogic/

Chrome set to disable and remove SSLv3 in upcoming releases

http://www.zdnet.com/article/chrome-set-to-disable-and-remove-sslv3-in-upcoming-releases/

How to fix issue :

Upgrade certificate

Work around :

POODLE Disabling SSLv3 Support in Browsers

https://zmap.io/sslv3/browsers.html

For Google Chrome:

(1) Create new shortcut for your Chrome on your desktop

(2) Right click and select properties

(3) Look for Shortcut tab and add the following start-up parameter (Target field):

--cipher-suite-blacklist=0x0039,0x0033

Example: 

"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --cipher-suite-blacklist=0x0039,0x0033

(4) Click Apply and open your browser from Shortcut

You can also run the above line from a command window to open Google Chrome.

For Firefox:


(1) In a new tab, type or paste about:config in the address bar and press Enter. 

(2) In the search box above the list, type or paste dhe and pause while the list is filtered

(3) Double-click the security.ssl3.dhe_rsa_aes_128_sha preference to switch it from true to false 

(4) Double-click the security.ssl3.dhe_rsa_aes_256_sha preference to switch it from true to false 

(5) Restart your browser
vaquar khan answered Oct 27 '22 00:10

vaquar khan