We need to shut off SSLv3 support in Frontmotion Firefox using group policy.
As far as I can see, the supplied ADMX files only list the deprecated setting "security.enable_ssl3".
The correct setting to use in modern Firefox is "security.tls.version.min" - are there any plans to release newer ADMX files which cover this?
In the short term - how can we use group policy to turn off SSLv3 support in Frontmotion Firefox?
Thanks,
Nick Cole
UIS - MIS
University of Cambridge
POODLE SSLv3 vulnerability - using ADMX to turn off SSLv3?
Re: POODLE SSLv3 vulnerability - using ADMX to turn off SSLv
I made my own firefox.admx file beside the mozilla.admx file.
It contains the following:
Code:
<policy name="SECURITY_TLS_VERSION_MIN" class="Machine" displayName="$(string.SECURITY_TLS_VERSION_MIN)" explainText="$(string.SECURITY_TLS_VERSION_MIN_Help)" presentation="$(presentation.SECURITY_TLS_VERSION_MIN)" key="Software\Policies\Mozilla\lockPref">
  <parentCategory ref="FIREFOX" />
  <supportedOn ref="windows:SUPPORTED_ProductOnly" />
  <elements>
    <decimal id="SECURITY_TLS_VERSION_MIN" key="Software\Policies\Mozilla\lockPref" valueName="security.tls.version.min" />
  </elements>
</policy>
And the adml file contains the following:
Code:
<string id="SECURITY_TLS_VERSION_MIN">security.tls.version.min</string>
<string id="SECURITY_TLS_VERSION_MIN_Help">with the value 1 it's forcing minimum version tls 1.0 </string>
Code:
<presentation id="SECURITY_TLS_VERSION_MIN">
  <decimalTextBox refId="SECURITY_TLS_VERSION_MIN">Value:</decimalTextBox>
</presentation>
Re: POODLE SSLv3 vulnerability - using ADMX to turn off SSLv
In the classic mozilla.adm file I found an entry called security.enable_ssl3 and set this to disabled.
Re: POODLE SSLv3 vulnerability - using ADMX to turn off SSLv
Nope, the option security.enable_ssl3 is obsolete and doesn't work since Firefox version 23.x.
You have to set security.tls.version.min = 1
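A check to confirm that the policy discussed in this thread has actually reached a machine, as an added example that is not part of any post: it reads the value the ADMX above writes (class="Machine", so under HKLM) and reports whether SSLv3 is still permitted. The function name is hypothetical; the mapping of values 0 to 3 is Firefox's own meaning for this preference.

```powershell
# Added example, not from the thread. Key and value name come from the ADMX
# above; class="Machine" means the policy is written under HKLM.
function Get-TlsMinPolicyStatus {   # hypothetical helper name
    param(
        [string]$Path = 'HKLM:\Software\Policies\Mozilla\lockPref',
        [string]$Name = 'security.tls.version.min'
    )
    # Protocol floor that each value of security.tls.version.min selects.
    $floors = @{ 0 = 'SSL 3.0'; 1 = 'TLS 1.0'; 2 = 'TLS 1.1'; 3 = 'TLS 1.2' }

    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $item) {
        # Key or value missing: the GPO has not been applied to this machine.
        $value = $null
        $floor = 'not configured'
    }
    else {
        $value = [int]$item.$Name
        $floor = if ($floors.ContainsKey($value)) { $floors[$value] } else { "unknown ($value)" }
    }

    [pscustomobject]@{
        Computer = $env:COMPUTERNAME
        Value    = $value
        Floor    = $floor
        # True only when the value is present and excludes SSL 3.0.
        SSLv3Off = ($null -ne $value) -and ($value -ge 1)
    }
}

$status = Get-TlsMinPolicyStatus
$status | Format-List
if (-not $status.SSLv3Off) {
    Write-Warning "SSLv3 is not disabled by policy on $($status.Computer)"
}
```

A missing value is reported as not compliant because an unset policy leaves the choice to the browser's own default or the user's profile.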
Re: POODLE SSLv3 vulnerability - using ADMX to turn off SSLv
trockenasche wrote: Nope, the option security.enable_ssl3 is obsolete and doesn't work since Firefox version 23.x.
Would I still need to do this in the latest version of Firefox?