Thursday, April 16, 2015

KB3038314 disables SSL 3.0 in Internet Explorer 11

With latest updates from Microsoft, there is a cumulative security update for Internet Explorer KB3038314 which will disable the SSL 3.0 in Internet Explorer 11. Default settings for Internet Explorer 11 after installing this update will be with disabled SSL 3.0 (without this update the default setting were with SSL 3.0 enabled). This new "behavior" of Internet Explorer 11 is due to a vulnerability in SSL 3.0 that could allow information disclosure published in Microsoft Security Advisory 3009008 https://technet.microsoft.com/en-us/library/security/3009008 .


With SSL 3.0 disabled, you may experience the following error when accessing websites secured with SSL 3.0:



Turn on TLS 1.0,TLS 1.1 and TLS 1.2 in Advanced settings... The error message doesn't suggest to turn on the SSL 3.0 !

And finally, how to find out if SSL 3.0 is in use when accessing https websites ?
I guess, the easiest way is to view the properties of the accessed https webpage. For example:

 

If you need to access secured websites with SSL 3.0, you can override this setting (not recommended). For more info please visit Microsoft Security Advisory 3009008.
 

2 comments:

  1. tempat nyari SSL murah ya di IDwebhost.com Cuman disini kamu bisa menemukan paket terbaik untuk hosting webkamu.

    ReplyDelete
  2. Thanks for sharing this great and awesome information. Keep me more updates.
    upgrade from ie8 to ie11

    ReplyDelete