POODLE SSLv3 vulnerability - using ADMX to turn off SSLv3?

nec10
Posts:2
Joined:Wed Jul 18, 2012 3:03 am

Post by nec10 » Thu Oct 16, 2014 2:36 am

We need to shut off SSLv3 support in Frontmotion Firefox using group policy.

As far as I can see, the supplied ADMX files only list the deprecated setting "security.enable_ssl3".

The correct setting to use in modern Firefox is "security.tls.version.min" - are there any plans to release newer ADMX files which cover this?

In the short term - how can we use group policy to turn off SSLv3 support in Frontmotion Firefox?

Thanks,

Nick Cole
UIS - MIS
University of Cambridge

trockenasche
Posts:26
Joined:Tue Nov 22, 2011 11:46 am

Re: POODLE SSLv3 vulnerability - using ADMX to turn off SSLv

Post by trockenasche » Tue Oct 21, 2014 9:46 am

I made my own firefox.admx file beside the mozilla.admx file.
It contains the following:

Code:

<policy name="SECURITY_TLS_VERSION_MIN" class="Machine" displayName="$(string.SECURITY_TLS_VERSION_MIN)" explainText="$(string.SECURITY_TLS_VERSION_MIN_Help)" presentation="$(presentation.SECURITY_TLS_VERSION_MIN)" key="Software\Policies\Mozilla\lockPref">
  <parentCategory ref="FIREFOX" />
  <supportedOn ref="windows:SUPPORTED_ProductOnly" />
  <elements>
    <decimal id="SECURITY_TLS_VERSION_MIN" key="Software\Policies\Mozilla\lockPref" valueName="security.tls.version.min" />
  </elements>
</policy>

And the ADML file contains the following:

Code:

<string id="SECURITY_TLS_VERSION_MIN">security.tls.version.min</string>
<string id="SECURITY_TLS_VERSION_MIN_Help">with the value 1 it's forcing minimum version tls 1.0 </string>

Code:

<presentation id="SECURITY_TLS_VERSION_MIN">
  <decimalTextBox refId="SECURITY_TLS_VERSION_MIN">Value:</decimalTextBox>
</presentation>

jab_au
Posts:21
Joined:Thu Nov 29, 2007 4:57 am
Location:New South Wales, Australia

Re: POODLE SSLv3 vulnerability - using ADMX to turn off SSLv

Post by jab_au » Thu Oct 23, 2014 8:24 pm

In the classic mozilla.adm file I found an entry called security.enable_ssl3 and set this to disabled.

trockenasche
Posts:26
Joined:Tue Nov 22, 2011 11:46 am

Re: POODLE SSLv3 vulnerability - using ADMX to turn off SSLv

Post by trockenasche » Fri Oct 24, 2014 4:56 am

Nope, the option security.enable_ssl3 is obsolete and doesn't work since Firefox version 23.x.
You have to set security.tls.version.min = 1
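
A pre-deployment check for hand-written policy definitions like the firefox.admx/.adml pair posted earlier in this thread, as an added example that is not part of any post here and is not FrontMotion's code. It confirms that every $(string...) and $(presentation...) reference resolves, that each element has a matching control, and that no policy still writes the obsolete security.enable_ssl3; the ENABLE_SSL3 policy and the wrapper elements in the sample are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

OBSOLETE = {"security.enable_ssl3"}  # pref the thread says Firefox no longer honours
REF = re.compile(r"\$\((string|presentation)\.([^)]+)\)")
# Constructed sample: the policy from the post plus one that still writes the old pref.
ADMX = r'''<policies>
  <policy name="SECURITY_TLS_VERSION_MIN" class="Machine" key="Software\Policies\Mozilla\lockPref"
          displayName="$(string.SECURITY_TLS_VERSION_MIN)"
          explainText="$(string.SECURITY_TLS_VERSION_MIN_Help)"
          presentation="$(presentation.SECURITY_TLS_VERSION_MIN)">
    <elements><decimal id="SECURITY_TLS_VERSION_MIN" valueName="security.tls.version.min" /></elements>
  </policy>
  <policy name="ENABLE_SSL3" class="Machine" key="Software\Policies\Mozilla\lockPref"
          displayName="$(string.ENABLE_SSL3)" valueName="security.enable_ssl3" />
</policies>'''
ADML = '''<resources>
  <string id="SECURITY_TLS_VERSION_MIN">security.tls.version.min</string>
  <string id="SECURITY_TLS_VERSION_MIN_Help">1 = minimum TLS 1.0</string>
  <presentation id="SECURITY_TLS_VERSION_MIN">
    <decimalTextBox refId="SECURITY_TLS_VERSION_MIN">Value:</decimalTextBox>
  </presentation>
</resources>'''

def find(root, name):
    # Match on the local tag name so namespaced (real) and bare (forum) XML both work.
    return [e for e in root.iter() if e.tag.rsplit("}", 1)[-1] == name]

def lint(admx_text, adml_text):
    admx, adml = ET.fromstring(admx_text), ET.fromstring(adml_text)
    defined = {"string": {s.get("id"): s for s in find(adml, "string")},
               "presentation": {p.get("id"): p for p in find(adml, "presentation")}}
    problems = []
    for pol in find(admx, "policy"):
        name, controls = pol.get("name"), set()
        for attr in ("displayName", "explainText", "presentation"):
            m = REF.fullmatch(pol.get(attr) or "")
            if m and m.group(2) not in defined[m.group(1)]:
                problems.append(f"{name}: {attr} refers to undefined {m.group(1)} {m.group(2)}")
            elif m and attr == "presentation":
                controls = {c.get("refId") for c in defined["presentation"][m.group(2)]}
        elements = [el for grp in find(pol, "elements") for el in grp]
        for el in elements:
            if el.get("id") not in controls:
                problems.append(f"{name}: element {el.get('id')} has no matching ADML control")
        for pref in OBSOLETE & ({pol.get("valueName")} | {el.get("valueName") for el in elements}):
            problems.append(f"{name}: writes obsolete pref {pref}")
    return problems

if __name__ == "__main__":
    print("\n".join(lint(ADMX, ADML)))
```
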

Zylo
Posts:1
Joined:Thu Feb 11, 2016 5:51 am

Re: POODLE SSLv3 vulnerability - using ADMX to turn off SSLv

Post by Zylo » Fri Feb 12, 2016 5:46 am

trockenasche wrote: Nope, the option security.enable_ssl3 is obsolete and doesn't work since Firefox version 23.x.
You have to check out Testogen here because it's that good!
Would I still need to do this in the latest version of Firefox?
