POODLE SSLv3 vulnerability - using ADMX to turn off SSLv3?
Posted: Thu Oct 16, 2014 2:36 am
by nec10
We need to shut off SSLv3 support in Frontmotion Firefox using group policy.
As far as I can see, the supplied ADMX files only list the deprecated setting "security.enable_ssl3".
The correct setting to use in modern Firefox is "security.tls.version.min" - are there any plans to release newer ADMX files which cover this?
In the short term - how can we use group policy to turn off SSLv3 support in Frontmotion Firefox?
Thanks,
Nick Cole
UIS - MIS
University of Cambridge
Re: POODLE SSLv3 vulnerability - using ADMX to turn off SSLv
Posted: Tue Oct 21, 2014 9:46 am
by trockenasche
I made my own firefox.admx file beside the mozilla.admx file.
It contains the following:
Code:
<policy name="SECURITY_TLS_VERSION_MIN" class="Machine" displayName="$(string.SECURITY_TLS_VERSION_MIN)" explainText="$(string.SECURITY_TLS_VERSION_MIN_Help)" presentation="$(presentation.SECURITY_TLS_VERSION_MIN)" key="Software\Policies\Mozilla\lockPref">
  <parentCategory ref="FIREFOX" />
  <supportedOn ref="windows:SUPPORTED_ProductOnly" />
  <elements>
    <decimal id="SECURITY_TLS_VERSION_MIN" key="Software\Policies\Mozilla\lockPref" valueName="security.tls.version.min" />
  </elements>
</policy>
and the adml file contains the following:
Code:
<string id="SECURITY_TLS_VERSION_MIN">security.tls.version.min</string>
<string id="SECURITY_TLS_VERSION_MIN_Help">with the value 1 it's forcing minimum version tls 1.0 </string>
Code:
<presentation id="SECURITY_TLS_VERSION_MIN">
  <decimalTextBox refId="SECURITY_TLS_VERSION_MIN">Value:</decimalTextBox>
</presentation>
Re: POODLE SSLv3 vulnerability - using ADMX to turn off SSLv
Posted: Thu Oct 23, 2014 8:24 pm
by jab_au
In the classic mozilla.adm file I found an entry called security.enable_ssl3 and set this to disabled.
Re: POODLE SSLv3 vulnerability - using ADMX to turn off SSLv
Posted: Fri Oct 24, 2014 4:56 am
by trockenasche
Nope, the option security.enable_ssl3 is obsolete and doesn't work since Firefox version 23.x.
You have to set security.tls.version.min = 1
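Added example, not part of the posts above: a PowerShell check to run on a client to confirm that the policy from the ADMX earlier in the thread reached the registry and that its value disables SSLv3. The key path and value name come from that ADMX; the function name Test-FirefoxTlsFloor and the scratch key used for the demo are hypothetical.

```powershell
# Added example (not from the thread): audit the value the lockPref policy writes.
# Function name and the HKCU scratch key are made up for illustration.
function Test-FirefoxTlsFloor {
    param(
        [string]$Path = 'HKLM:\Software\Policies\Mozilla\lockPref',
        [string]$ValueName = 'security.tls.version.min'
    )
    $result = [ordered]@{ Path = $Path; Value = $null; Compliant = $false; Detail = '' }
    $key = Get-Item -LiteralPath $Path -ErrorAction SilentlyContinue
    if ($null -eq $key -or $key.GetValueNames() -notcontains $ValueName) {
        # GPO not applied (or not refreshed yet): Firefox keeps its own default.
        $result.Detail = 'policy value not present'
    }
    elseif ($key.GetValueKind($ValueName) -ne [Microsoft.Win32.RegistryValueKind]::DWord) {
        # An ADMX <decimal> element writes REG_DWORD; another type was set some other way.
        $result.Detail = "unexpected type $($key.GetValueKind($ValueName))"
    }
    else {
        $result.Value = [int]$key.GetValue($ValueName)
        # 0 = SSL 3.0 still allowed, 1 = TLS 1.0 minimum, higher = stricter.
        $result.Compliant = $result.Value -ge 1
        $result.Detail = if ($result.Compliant) { 'SSLv3 disabled' } else { 'SSLv3 still allowed' }
    }
    [pscustomobject]$result
}

# Constructed demo against a scratch key under HKCU (no admin rights needed).
$scratch = 'HKCU:\Software\TlsFloorDemo\lockPref'
New-Item -Path $scratch -Force | Out-Null
foreach ($v in 0, 1) {
    New-ItemProperty -Path $scratch -Name 'security.tls.version.min' `
        -Value $v -PropertyType DWord -Force | Out-Null
    Test-FirefoxTlsFloor -Path $scratch
}
Remove-Item -Path 'HKCU:\Software\TlsFloorDemo' -Recurse

# The real policy key on this machine.
Test-FirefoxTlsFloor
```

The decimal text box in the ADMX accepts 0, which leaves SSLv3 enabled, so the check treats only values of 1 or higher as compliant.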
Re: POODLE SSLv3 vulnerability - using ADMX to turn off SSLv
Posted: Fri Feb 12, 2016 5:46 am
by Zylo
trockenasche wrote: Nope, the option security.enable_ssl3 is obsolete and doesn't work since Firefox version 23.x.
You have to
Would I still need to do this in the latest version of Firefox?