K1000, K2000 POODLE and SSLv3
I keep checking to see if Dell KACE has a patch for POODLE, but haven't seen one. Anyone else wondering how to change their K1000 and K2000 from accepting SSLv3? I tested both of our appliances with: http://www.bolet.org/TestSSLServer/ and yes SSLv3 is accepted on both.
1 Comment
[ + ] Show comment
-
Thanks for the answers, I'm aware of how to change this on the browser, but how do we patch or turn off SSLv3 on the KACE appliances themselves? - statusquo 10 years ago
-
you need to wait for Kace to issue a patch or call support to see if they can go in on the backend and disable it. This is a os/web server level change - SMal.tmcc 10 years ago
Answers (4)
Answer Summary:
Please log in to answer
Posted by:
Drave
9 years ago
Posted by:
bkelly
10 years ago
Posted by:
SMal.tmcc
10 years ago
If you change the settings on your browsers to use TLS that will fix it. both ends need to be running ssl for the MTM to work plus since it is a MTM attack they have to be on your network.
to change your browsers:
for chrome on x86
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\ChromeHTML\shell\open\command]
@="\"C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe\" --ssl-version-min=tls1 -- \"%1\""
for chrome on x64
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\ChromeHTML\shell\open\command]
@="\"C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe\" --ssl-version-min=tls1 -- \"%1\""
for ie
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings]
"SecureProtocols"=dword:00000a80
For Firefox we run a kscript batch file as user
cd /D "%APPDATA%\Mozilla\Firefox\Profiles\*.default"
echo user_pref("security.tls.version.min", 1);>>prefs.js
these all require a restart to take effect. our machines are shutdown at night so within a day the fix was in place. We made this a low-med priority since it requires a MTM.
to change your browsers:
for chrome on x86
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\ChromeHTML\shell\open\command]
@="\"C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe\" --ssl-version-min=tls1 -- \"%1\""
for chrome on x64
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\ChromeHTML\shell\open\command]
@="\"C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe\" --ssl-version-min=tls1 -- \"%1\""
for ie
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings]
"SecureProtocols"=dword:00000a80
For Firefox we run a kscript batch file as user
cd /D "%APPDATA%\Mozilla\Firefox\Profiles\*.default"
echo user_pref("security.tls.version.min", 1);>>prefs.js
these all require a restart to take effect. our machines are shutdown at night so within a day the fix was in place. We made this a low-med priority since it requires a MTM.
Comments:
-
to test client browsers go to
www.poodletest.com - SMal.tmcc 10 years ago
Posted by:
SMal.tmcc
10 years ago