What will happen to older browsers if I disable SSLv3 on my webserver?

Question

We have a public facing e-commerce web site. Our credit card payment provider has told us they won't support RC4 encryption anymore. They said that users with older browsers may or may not be able to place orders on our site.

If we disable SSLv3 on our website, what will happen to users with an older browser when they try to access the HTTPS pages?

[This](http://serverfault.com/questions/637706/poodle-is-disabling-ssl-v3-on-server-really-a-solution) might give you some information. — suspect01, Nov 11 '15 at 19:31
That's a bit silly, RC4 should be good enough for low value data, like credit cards. — CodesInChaos, Nov 12 '15 at 08:46
I'm just surprised to see that anyone is still running SSLv3 and has RC4 support anymore! — Brian Knoblauch, Nov 12 '15 at 13:39
`...what will happen to users with an older browser...`? They won't work, which is as it should be. — user2338816, Nov 12 '15 at 15:24
What is the distribution of web browsers and versions which access your website? — MonkeyZeus, Nov 12 '15 at 15:53
@JonnyWizz [Poe's law](https://en.wikipedia.org/wiki/Poe%27s_law). — Voo, Nov 12 '15 at 17:49
TLS 1.0 is supported as early as IE7, so for a very large majority of users it should be ok. — njzk2, Nov 12 '15 at 22:34
@Voo What if you've been Pow's Law'd because JohnnyWizz already detected Poe's Law? — MonkeyZeus, Nov 13 '15 at 18:20
@Monkey But what if I actually knew that he noticed and just Poe'd you? ;) — Voo, Nov 13 '15 at 18:29
@Voo No further questions your honor, I would like to take this opportunity to weep semi-quietly in the corner. — MonkeyZeus, Nov 13 '15 at 18:33
@JonnyWizz I'm serious. In my opinion their value is relatively low. They're targeted by common criminals, sold in bulk of a dollar or so per number. Generally there are much easier ways to obtain them than exploiting weaknesses in RC4. They expire after a few years and thus don't require long term security. Compare this with high value targets, like important servers, internet routers, Tor who face state level adversaries. Dissidents&co need long term security since the state might record all communications passively and put them in prison after breaking it a few years later. — CodesInChaos, Nov 17 '15 at 17:40

mti2935 · Accepted Answer · 2015-11-12T15:20:10.130

If you disable SSLv3 on your site, then older browsers that do not support TLSv1 or higher will not be able to connect to your site by SSL/TLS.

Having said that, SSLv3 has been deprecated for some time, thanks to POODLE. As a result, many web sites that employ SSL/TLS have stopped supporting SSLv3 for a while now. So, users that are still using older browsers that do not support TLSv1.0 or higher are likely to be having problems connecting to many sites by SSL/TLS (in addition to yours if you've disabled SSLv3).

In fact, in addition to the payment card industry (PCI) requiring sites that accept card information to disable SSLv3 - they are in the process of mandating that these sites phase out support for TLSv1.0 as well. Soon, all sites that accept card information will be required to support TLSv1.1 or higher.

Edit: See this Wikipedia page for a good reference on SSL/TLS protocols supported by various browsers.

The PCI 3.1 requirements may also include a phase-out of TLSv1.1 as well. Their standard talks about early TLS being insecure. They reference TLSv1.0 and TLSv1.1. Ciphers did not change much from 1.0 to 1.1 because the requirements did not change. As such there is enormous overlap. Many companies are expecting to be TLSv1.2 only by June 2016. Once we get closer, however, PCI may provide clarification. — pr-, Nov 12 '15 at 19:47

score 13 · Answer 2 · answered Nov 11 '15 at 19:54

13

It's hard to know exactly what will happen without knowing exactly what the rest of your SSL setup is and what protocols you're supporting. But the most likely outcome is IE6 won't work, and very old version of Java won't work. Generally that's not much of an issue for most people since IE6 is dead and buried. Everything else supports at least TLS 1, which has been around since 1999.

Why guess though? Put up a test config on a publicly facing server, and point SSL Labs test at it. Among other things, this site will do simulations of different browsers handshakes with your server. You'll likely uncover some other problems that might need some cleanup.

answered Nov 11 '15 at 19:54

Steve Sether

21,480
8
50
76

We did this and got a C. Primarily because we have not disabled ssl v3 – Sam Markani Nov 11 '15 at 20:25
10

@SamMarkani, it's not the letter grade you should be paying attention to -- scroll down to the part where it shows a simulation of a handshake from different browsers/clients. This will show you which browsers will be able to connect and which ones won't. – D.W. Nov 12 '15 at 07:41

score 4 · Answer 3 · answered Nov 11 '15 at 19:50

4

If you disable SSL v3 on your server, the main impact is that people running Internet Explorer on Windows XP will be unable to connect. Every other browser has supported TLS v1 with AES encryption since time immemorial.

answered Nov 11 '15 at 19:50

Mark

34,390
9
85
134

3

"Internet Explorer **6** on Windows XP will be unable to connect." I am running a server with TLS 1.0+ only support and IE8 on WinXP has no issues that I could find. – MonkeyZeus Nov 12 '15 at 15:58
@MonkeyZeus, are you connecting using RC4 encryption, or AES encryption? The question mentions disabling RC4 in addition to disabling SSLv3, and nothing I've found indicates that IE8 on WinXP supports AES. – Mark Nov 12 '15 at 21:36
1

AES and RC4 aren't the only ciphersuites. When I try ssllabs on one of my sites it tells me that IE8/XP will use TLS1.0 with TLS_RSA_WITH_3DES_EDE_CBC_SHA – Peter Green Nov 12 '15 at 22:07
@Mark hmm, good question. I'll post the output of my Qualys test shortly – MonkeyZeus Nov 13 '15 at 18:07
@Mark [**IE Results**](http://i.stack.imgur.com/TKXZi.png). Let me know if you want to see my httpd-ssl.conf – MonkeyZeus Nov 13 '15 at 18:11
@MonkeyZeus, thanks. I'd forgotten that people were still using 3DES. – Mark Nov 13 '15 at 19:58
0.49% of our users still use IE6. Our plan is to redirect these users to a page explaining the situation. – Sam Markani Nov 13 '15 at 23:16

score 4 · Answer 4 · answered Nov 11 '15 at 20:13

4

The Netscaler and other load balancers have the ability to redirect older SSL clients to a webpage that tells then end user to update their browser.

answered Nov 11 '15 at 20:13

makerofthings7

50,090
54
250
536

Froggiz · Answer 5 · 2015-11-14T08:50:00.240

TLSv1 works on almost all web browsers. The main trouble will occur with IE on Windows XP.

You can test your SSL level on ssllabs.com https://www.ssllabs.com and it will give you the browser's compatibility list

This is my Apache's SSL configuration :

SSLEngine on
SSLOptions +StrictRequire
SSLProxyEngine on

# HSTS
Header always set Strict-Transport-Security "max-age=63072000; includeSubdomains; preload"

# Prevent Beast attack (requier !RC4 in SSLCipherSuite)
SSLHonorCipherOrder on

# Prevent Crime attack
SSLCompression off

# Prevent Poodle & Heartbleed (requier OpenSSL up to date) attacks
SSLProtocol -all +TLSv1 +TLSv1.1 +TLSv1.2
SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-GCM-SHA256:AES256+EDH:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4

I get this compatibility list ( with a security A Ranked ):

HonorOrder doesn't prevent Beast, although it can *reduce* it; excluding RC4 in CipherSuite (as you do, much more complexly than necessary) does prevent it. But you don't need to; browsers now prevent with 1/n splitting, and it turned out not to be practical anyway. HonorOrder with a cipherlist like yours may improve PFS. Your configuration doesn't prevent Heartbleed, and no configuration can, only corrected code. — dave_thompson_085, Nov 14 '15 at 00:56
Thanks, i updated the post to be more accurate, what is PFS ? — Froggiz, Nov 14 '15 at 08:54
https://en.wikipedia.org/wiki/Forward_secrecy (FS) "also [around here more often IME] known as Perfect Forward Secrecy" (PFS) means eavesdropped past data isn't compromised by future compromise of (server) privatekey. The "ephemeral" in DHE or ECDHE does this -- and your cipherlist combined with HonorOrder prefers them. — dave_thompson_085, Nov 14 '15 at 21:16

What will happen to older browsers if I disable SSLv3 on my webserver?

5 Answers5

Linked