Thank you for using Ubuntu and filing a bug. I'm going to mark this bug as "Won't Fix" because we don't want to disable SSLv3 before upstream and the rest of the internet. As mentioned, this change is planned and will happen with new upstream security update releases.
** Changed in: chromium-browser (Ubuntu) Status: New => Won't Fix -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to chromium-browser in Ubuntu. https://bugs.launchpad.net/bugs/1383512 Title: SSL 3.0 is vulnerable, browser should not use Status in “chromium-browser” package in Ubuntu: Won't Fix Bug description: Release:14.04.1 Version: 37.0.2062.120-0ubuntu0.14.04.1~pkg1049 The Chromium browser requires an additonal flag to be specified at invocation to avoid falling back kto SSL 3.0 which is a vulnerable protocol. This option/flag should be specified by default. SSL 3.0 is slated to be removed in the future, so the impact of this change is inevitable. More detail at: http://www.kb.cert.org/vuls/id/577193 Browser reconfiguration info can be found at: http://nakedsecurity.sophos.com/poodle-some-tips-for-turning-off-ssl-3-0/ For Ubuntu, the attached patch should be sufficient. (chromium_poodle.patch) -Matt To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/chromium-browser/+bug/1383512/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : desktop-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp