how to disable sslv3 for all my computers

how to disable sslv3 for all my computers, do anyone have any ideas?
http://www.saotn.org/time-disable-sslv3-or-what/
LVL 2
IT GuyAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

John-Charles-HerzbergCommented:
If you need to Disabling POODLE  SSLv3 Support in Browsers this is how you do it.

https://zmap.io/sslv3/browsers.html
0
StampelCommented:
SSLv3 need to be disabled on the server side only
0
IT GuyAuthor Commented:
Thanks Guys

@ John-Charles-Herzberg - i was hoping for a solution to disable all PC's via script or some other tool rather than doing one PC at a time.

@ Stampel - are you sure if we disable only server side it will not affect the local PC's
0
Introducing the "443 Security Simplified" Podcast

This new podcast puts you inside the minds of leading white-hat hackers and security researchers. Hosts Marc Laliberte and Corey Nachreiner turn complex security concepts into easily understood and actionable insights on the latest cyber security headlines and trends.

StampelCommented:
Nop It won't, SSL will fallback to SSLv2 (assuming you had SSLv2 Cypher on server side, but who would not ? And you will review this when configuring server.)
0
QlemoBatchelor, Developer and EE Topic AdvisorCommented:
At least for IE you can run the MS FixIt or a Group Policy, as described in the MS Security Advisory at https://technet.microsoft.com/en-us/library/security/3009008.aspx . The FixIt can be called with MSI options, I recommend /passive to not get any prompts.

As https://zmap.io/sslv3/browsers.html and other sources tell, you need to change the startup options for Chrome - no setting there. The best automated approach here is the described change of the registry, which can be done with a batch. The batch only acts if Chrome is the default browser.
@echo off
setlocal EnableDelayedExpansion
for /F "tokens=2*" %A in ('reg query HKCR\http\shell\open\command ^| find "Chrome" ') do (
  set val=%%B
  set val=!val:"=""""!
  reg add HKCR\http\shell\open\command /f /ve /t Reg_SZ /d "!val:-- =--ssl-version-min=tls1 -- !"
)

Open in new window


But: Chrome and FireFox will receive updates (if not already done) to disable SSLv3 by default.
And to use an exploit, an attacker needs local, direct access to the victim, and so needs to be in (W)LAN etc.
And of course you need to make sure that the client does not allow SSLv3 to be certain it is not used. You do not have control over all servers, and contacting any unpatched server opens the client up to the attack (if all the other requirements are met, of course). It is not safe to rely on proper server settings.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
QlemoBatchelor, Developer and EE Topic AdvisorCommented:
Any reason for "B" grade? I'm pretty certain my anser was worth more than that.
0
IT GuyAuthor Commented:
sorry the B grade was a mistake i meant A - any idea how to change it?
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
OS Security

From novice to tech pro — start learning today.