The POODLE attack (which stands for Padding Oracle On Downgraded Legacy Encryption) is an exploit which takes advantage of web browsers' fallback to SSL 3.0.

Vulnerability check can be found here:

Here are the instructions for disabling SSLv3 on browsers that allow it:
(Do not use browsers that do not allow to disable SSLv3 at this time)


Download the Firefox addon here:

Google Chrome

To disable SSLv3 on Chrome, you can do it via a command line flag. This allows you to do it on multiple operating systems including Android/OSX. We will show you how to do this for Windows, for more information on how to do this per OS, review the post here:


Note that this only protects you if you open Google Chrome from the shortcut you’ve created.

  1. Right-click the Google Chrome shortcut on the desktop.
  2. Click Properties.
  3. Click inside the Target box and scroll all the way to the right (past the quote (")).
    Shortcut Properties
  4. Enter --ssl-version-min=tls1 in the end.
  5. Click OK.
  6. When asked for administrator permissions, click Continue.
    Admin Prompt

Mac OS X

  1. Quit any running instance of Chrome.
  2. Launch /Applications/Utilities/
  3. At the command prompt enter: /Applications/Google\\ --args --ssl-version-min=tls1


  1. Open /usr/share/applications/google-chrome.desktop in a text editor
  2. For any line that begins with Exec, add the argument --ssl-version-min=tls1. For instance the line Exec=/usr/bin/google-chrome-stable %U should become Exec=/usr/bin/google-chrome-stable --ssl-version-min=tls1 %U
  3. Reboot

Other OS’s

Requires the use of the --ssl-version-min=tls1 argument. Consult documentation for more detail.

Internet Explorer

To disable SSLv3 in Internet Explorer on Windows Vista and newer, uncheck the Use SSL 3.0 box on the Advanced tab in the Internet Options.

  1. Go to Start Menu > Control PanelInternet Options
  2. Click the Advanced tab
  3. Uncheck Use SSL 3.0
  4. Uncheck Use TLS 1.0 and Use TLS 1.1
    Internet Options
  5. Click OK.