Error message connecting to a site

wtburnette

2[H]4U
Joined
Jun 24, 2004
Messages
3,580
I wasn't sure if this should go here, or in the webmastering/devlopment thread. I haven't been able to find a good answer on Google, so I thought I'd ask the all knowing members of [H] :cool:

My company is getting ready to disable SSLv3 in our browsers in response to POODLE. What infrastructure is asking me is, what errors are users likely to see when they attempt to connect to a site expecting an SSLv3 connection? Will it just give them a Page Cannot Be Displayed, or what?
 
Typically, websites (web servers and clients) can negotiate their encryption to higher/lower settings. They probably won't notice if you turn off SSLv3 unless something is specifically asking for SSLv3. These do exist unfortunately.

In FireFox or Chrome you will likely see an error message related to SSL or TLS and a cannot display page message. In Internet Explorer you'll see the Page Cannot Be Displayed page with the details button as usual.
 
Steve Gibson was talking about this on Security Now a couple episodes back and claims you'd probably see a failure to negotiate. This day and age you'd have to go out of your way to find a web browser that doesn't support TLS 1.0 at the very least from the get go without having to change that value. During the Poodle scare many statistics were going around and the across the board support for TLS 1.0 was nearly identical to SSL 3.0 so you're not missing anyone that matters.

Again, you'd have to go out of your way to notice a problem, or the website would.
 
Page Cannot Be Displayed in IE is what I was thinking (and what the appsec guy had made an offhand remark about). Thanks for the confirmation.

Liger88, the issue is more with sites that specify a SSLv3 connection, more than what the browsers support. We have some internal, legacy crap that we suspect is SSL only and want to give the end users some idea of what type of error they could expect to see if they hit one of those sites. That would make it easier for our helpdesk to troubleshoot the issues and add those to our list to be addressed.

Thanks all!
 
Back
Top