Google has disclosed details of a vulnerability in the design of SSL version 3.0, which is is nearly 15 years old but remains widespread. According to the team's Bodo Möller: "This vulnerability allows the plaintext of secure connections to be calculated by a network attacker."

While SSL 3.0 has been succeeded by Transport Layer Security (TLS) 1.0, TLS 1.1, and TLS 1.2, many TLS implementations have continued to be backwards compatible with SSL 3.0 to work with legacy systems for a smoother user experience.

Nearly all browsers support SSL 3.0 and, in order to work around bugs in HTTPS servers, browsers will retry failed connections with older protocol versions, including SSL 3.0. Because a network attacker can cause connection failures, they can trigger the use of SSL 3.0 and then exploit this issue.

Disabling SSL 3.0 support, or CBC-mode ciphers with SSL 3.0, is sufficient to mitigate this issue, but presents significant compatibility problems, even today. Therefore Google's recommended response is to support TLS_FALLBACK_SCSV. This is a mechanism that solves the problems caused by retrying failed connections and thus prevents attackers from inducing browsers to use SSL 3.0. It also prevents downgrades from TLS 1.2 to 1.1 or 1.0 and so may help prevent future attacks.

Google Chrome and Google's servers have supported TLS_FALLBACK_SCSV since February. Additionally, Google Chrome will begin testing changes today that disable the fallback to SSL 3.0.

Google hopes to eventually remove support for SSL 3.0 completely from its client products.

To prevent attacks on Firefox, open about.config, search for "security.enable," and set "security.enable_ssl3" to false.

To stop them on IE, go to the tools menu, click Internet Options and head to the Advanced tab. Under that look for the Security heading, and make sure that the SSL 3.0 check box is unchecked.