Do more on the web, with a fast and secure browser!

Download Opera browser with:

  • built-in ad blocker
  • battery saver
  • free VPN
Download Opera

Any thoughts about the poodle SSL 3 bug?

  • Is there any setting where we can disable it for the time being?

  • According to Opera's Help page you can select the security protocol.

    There are extended instructions in the information on certificates.

    This would be nice if the features discussed in the Help text exist. However no information is given on finding the settings described and they don't appear to be accessible from the menus.

  • According to Opera's Help page you can select the security protocol.
    There are extended instructions in the information on certificates.
    This would be nice if the features discussed in the Help text exist. However no information is given on finding the settings described and they don't appear to be accessible from the menus.

    I can't seem to find such help page on the new Opera 24.

    You could select which security protocols you have enabled on the old (12.x) Opera, from the advanced security settings.

  • Hi,

    Opera 12.16 with clean default profile, is shown as "Not vulnerable" to Poodle attack by the site www.poodletest.com/

    http://âpp.com/Hfv5

    SSLv3 is enabled by default in Opera 12.16 but after the test done, SSLv3 is automatically disabled.
    I don't understand why.

    Opera 26 seems "vulnerable" and i don't know how to disable SSL v3 protocol support...

  • Hi,
    Opera 12.16 with clean default profile, is shown as "Not vulnerable" to Poodle attack by the site www.poodletest.com/
    http://âpp.com/Hfv5
    SSLv3 is enabled by default in Opera 12.16 but after the test done, SSLv3 is automatically disabled.
    I don't understand why.

    Opera 26 seems "vulnerable" and i don't know how to disable SSL v3 protocol support...

    Hello,
    You can run following command line, and SSL3 will be disable in your Opera 26 :

    %PATH-TO-YOUR-OPERA-VERSION%\opera.exe --ssl-version-min=tls1

  • Oh, yes, same as Chrome, I should have known :awww:

  • It appears that the --ssl-version-min argument is missing from opera-developer, so they must have removed it. So opera-developer is vulnerable and there is no way to fix that.

  • opera-developer is vulnerable

    No, it isn't.

  • It fails the poodle test, Chromium and Firefox do not when configured not to use SSLv3.

  • FWIW, while disallowing downgrading of the connection from TLS to SSLv3 technically defeats the exploit in question, opera-developer still supports SSLv3 which is just a half measure. SSLv3 was deprecated over a decade ago. Opera should drop support.

  • Hi @chas4 @praetorianx @alexcavaco @fritzr @ra-mon @g00g00 @originalgbee @christoph142, FYI:

    "What we have done in Opera 25, is to add a countermeasure to the SSLv3 protocol when used. Since the attack can only be done to SSL records of certain lengths, we simply split the records into several records, where none of the records can be attacked. Adam Langley from Google who helped out developing the details of this idea named the countermeasure “anti poodle record splitting”. Hopefully this will help keeping SSLv3 secure enough for a few more months, and give server owners a chance to upgrade to TLS.

    Next we have removed the security badge for SSLv3 servers. This means that when you go to a SSLv3 server, it will look as you got to a standard unencrypted http server.

    Opera also supports the TLS_FALLBACK_SCSV mechanism. This is a security feature, if supported by both browser and server, that effectively stops unwanted fallbacks to lower TLS versions. Sadly, this feature is not widely supposed yet, but we hope that Server administrators pay attention to this attack and will upgrade their servers to support it. This way, future problems with higher TLS versions will not have the same devastating effect." - form more details, please read the "Security changes in Opera 25; the poodle attacks" \m/

  • @l33t4opera I just read that blog post 🙂 & great myOpera rock smile 🙂

  • Thanks @l33t4opera.
    It's always nice to be reassured that Opera is still on top of things when it comes to security.

Log in to reply