
POODLE SSLv3 vulnerability - using ADMX to turn off SSLv3?

Posted: Thu Oct 16, 2014 2:36 am
by nec10
We need to shut off SSLv3 support in Frontmotion Firefox using group policy.

As far as I can see, the supplied ADMX files only list the deprecated setting "security.enable_ssl3".

The correct setting to use in modern Firefox is "security.tls.version.min" - are there any plans to release newer ADMX files which cover this?

In the short term - how can we use group policy to turn off SSLv3 support in Frontmotion Firefox?

Thanks,

Nick Cole
UIS - MIS
University of Cambridge

Re: POODLE SSLv3 vulnerability - using ADMX to turn off SSLv

Posted: Tue Oct 21, 2014 9:46 am
by trockenasche
I made my own firefox.admx file beside the mozilla.admx file.
It contains the following:

Code:

<policy name="SECURITY_TLS_VERSION_MIN" class="Machine" displayName="$(string.SECURITY_TLS_VERSION_MIN)" explainText="$(string.SECURITY_TLS_VERSION_MIN_Help)" presentation="$(presentation.SECURITY_TLS_VERSION_MIN)" key="Software\Policies\Mozilla\lockPref">
  <parentCategory ref="FIREFOX" />
  <supportedOn ref="windows:SUPPORTED_ProductOnly" />
  <elements>
    <decimal id="SECURITY_TLS_VERSION_MIN" key="Software\Policies\Mozilla\lockPref" valueName="security.tls.version.min" />
  </elements>
</policy>
And the adml file contains the following:

Code:

<string id="SECURITY_TLS_VERSION_MIN">security.tls.version.min</string>
<string id="SECURITY_TLS_VERSION_MIN_Help">with the value 1 it's forcing minimum version tls 1.0 </string>

Code:

<presentation id="SECURITY_TLS_VERSION_MIN">
  <decimalTextBox refId="SECURITY_TLS_VERSION_MIN">Value:</decimalTextBox>
</presentation>

Re: POODLE SSLv3 vulnerability - using ADMX to turn off SSLv

Posted: Thu Oct 23, 2014 8:24 pm
by jab_au
In the classic mozilla.adm file I found an entry called security.enable_ssl3 and set this to disabled.

Re: POODLE SSLv3 vulnerability - using ADMX to turn off SSLv

Posted: Fri Oct 24, 2014 4:56 am
by trockenasche
Nope, the option security.enable_ssl3 is obsolete and doesn't work since Firefox version 23.x.
You have to set security.tls.version.min = 1
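
One way to confirm on a client that the policy discussed above actually landed, as an added example that is not part of any post in this thread: a PowerShell check of the registry key the ADMX snippet writes to. The function name and status labels are hypothetical; the key path and value names come from the thread, and 0 meaning SSL 3.0 is Firefox's numbering for this preference.

```powershell
# Added example: audits the lockPref policy key used by the ADMX snippet in this thread.
function Test-FirefoxSslv3Policy {
    param(
        # Path from the thread's ADMX snippet; HKLM because the policy is class="Machine".
        [string]$KeyPath = 'HKLM:\Software\Policies\Mozilla\lockPref'
    )

    $result = [pscustomobject]@{
        Computer      = $env:COMPUTERNAME
        TlsVersionMin = $null
        LegacyPrefSet = $false
        Status        = 'PolicyKeyMissing'
    }
    if (-not (Test-Path -LiteralPath $KeyPath)) { return $result }

    $values = Get-ItemProperty -LiteralPath $KeyPath
    # Value names contain dots, so look them up through PSObject.Properties,
    # which returns $null for a missing value instead of throwing.
    $minProp    = $values.PSObject.Properties['security.tls.version.min']
    $legacyProp = $values.PSObject.Properties['security.enable_ssl3']
    $result.LegacyPrefSet = $null -ne $legacyProp

    if ($null -eq $minProp) {
        # Only the deprecated pref (or nothing) is configured, so the
        # minimum protocol version is not being enforced by policy.
        $result.Status = if ($result.LegacyPrefSet) { 'OnlyDeprecatedPrefSet' } else { 'TlsMinNotSet' }
        return $result
    }

    # A <decimal> element is normally stored as REG_DWORD; the cast also accepts a numeric string.
    $result.TlsVersionMin = [int]$minProp.Value
    # 0 = SSL 3.0 still allowed, 1 = TLS 1.0 minimum (the value recommended in the thread).
    $result.Status = if ($result.TlsVersionMin -lt 1) { 'Sslv3Allowed' } else { 'Sslv3Disabled' }
    return $result
}

# Run against the local machine after a policy refresh.
Test-FirefoxSslv3Policy | Format-List
```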

Re: POODLE SSLv3 vulnerability - using ADMX to turn off SSLv

Posted: Fri Feb 12, 2016 5:46 am
by Zylo
trockenasche wrote: Nope, the option security.enable_ssl3 is obsolete and doesn't work since Firefox version 23.x.
Would I still need to do this in the latest version of Firefox?