[SOLVED] 64 bit web browser tests for poodle attack

[gordon64]

Hi I am not a security expert, but I went to this URL to check
https://zmap.io/sslv3

64 bit web browsers I found safe, claiming that

Good News! Your browser does not support SSLv3

epiphany
firefox-latest's local TCZ called firefox-official
opera-12


64 bit found not so safe claiming that

Warning! Your browser supports SSLv3

fifth

Browsers not tested or unable to see the result etc
firefox-nightly ....too old. IMHO no-one should be on it.
links and elinks.....both display the web site but give no indication, probably because they are text browsers.

I have yet to find a way to start fifth with a command that disables sslv3 but if anyone knows pls advise.

thanks for reading

EDIT
I made a .local/bin file with contents

#!/bin/sh
tce-load -i fifth
fifth --ssl-version-min=tls1

but attempting to use it gives error as

fifth: unrecognized option '--ssl-version-min=tls1'

[curaga]

Fifth has no config options for SSL, it uses the defaults of openssl. Ideally we'd compile openssl without ssl3, so no app would use it.

[gordon64]

curaga

I hope I don't embarrass you, but it turns out that you are the upstream maintainer of fifth.

Congratulations on your software and skills and thankyou for the tips.

Naturally I will look at re-compiling on 64 bit, Juanito's build script calls for curl-dev which has a dependency of openssl* and the running dependency has curl with a dependency of openssl*.
I shall see if modding those dep files and see if I can re-compile without openssl* support. Plus will try without curl support as well.

thanks again for your time.

Ideally we'd compile openssl without ssl3

I have failed to compile new certificates, slightly off topic, new certificates works with existing openssl but when I attempted to use them for new openssl....not knowing about sslv3, at time of build, the new certificates failed.

[curaga]

No, you can't compile Fifth without openssl. I mean we should compile openssl.tcz with sslv3 disabled. Some other distros are doing so.

[gordon64]

Thanks

on 64 bit just re-compiled openssl with extra compile option "no-ssl3"
recompiled fifth, with slight dep modification and fifth now passes the sslv3 test, tested locally.

OFFTOPIC
but my attempt to add new certificates and test a re-compiled elinks, built with new openssl, I called it elinks2 is not showing a display page for a https URL, so I have failed to get it all corrrect.

Juanito is aware of some of my failures. I fail more than I succeed. 

cheers

[gordon64]

completely offtopic I have certificates now working by going to this URL

https://cert-test.sandbox.google.com/

if certs work, you get

SHA-256 certificate test successful.

Please mark post as solved thanks