Solved

how to disable sslv3 for all my computers

Posted on 2014-11-03
8
224 Views
Last Modified: 2014-11-11
how to disable sslv3 for all my computers, do anyone have any ideas?
http://www.saotn.org/time-disable-sslv3-or-what/
0
Comment
Question by:NxJNY
  • 2
  • 2
  • 2
  • +1
8 Comments
 
LVL 14

Assisted Solution

by:John-Charles-Herzberg
John-Charles-Herzberg earned 150 total points
Comment Utility
If you need to Disabling POODLE  SSLv3 Support in Browsers this is how you do it.

https://zmap.io/sslv3/browsers.html
0
 
LVL 7

Expert Comment

by:Stampel
Comment Utility
SSLv3 need to be disabled on the server side only
0
 
LVL 2

Author Comment

by:NxJNY
Comment Utility
Thanks Guys

@ John-Charles-Herzberg - i was hoping for a solution to disable all PC's via script or some other tool rather than doing one PC at a time.

@ Stampel - are you sure if we disable only server side it will not affect the local PC's
0
What Is Threat Intelligence?

Threat intelligence is often discussed, but rarely understood. Starting with a precise definition, along with clear business goals, is essential.

 
LVL 7

Expert Comment

by:Stampel
Comment Utility
Nop It won't, SSL will fallback to SSLv2 (assuming you had SSLv2 Cypher on server side, but who would not ? And you will review this when configuring server.)
0
 
LVL 68

Accepted Solution

by:
Qlemo earned 350 total points
Comment Utility
At least for IE you can run the MS FixIt or a Group Policy, as described in the MS Security Advisory at https://technet.microsoft.com/en-us/library/security/3009008.aspx . The FixIt can be called with MSI options, I recommend /passive to not get any prompts.

As https://zmap.io/sslv3/browsers.html and other sources tell, you need to change the startup options for Chrome - no setting there. The best automated approach here is the described change of the registry, which can be done with a batch. The batch only acts if Chrome is the default browser.
@echo off
setlocal EnableDelayedExpansion
for /F "tokens=2*" %A in ('reg query HKCR\http\shell\open\command ^| find "Chrome" ') do (
  set val=%%B
  set val=!val:"=""""!
  reg add HKCR\http\shell\open\command /f /ve /t Reg_SZ /d "!val:-- =--ssl-version-min=tls1 -- !"
)

Open in new window


But: Chrome and FireFox will receive updates (if not already done) to disable SSLv3 by default.
And to use an exploit, an attacker needs local, direct access to the victim, and so needs to be in (W)LAN etc.
And of course you need to make sure that the client does not allow SSLv3 to be certain it is not used. You do not have control over all servers, and contacting any unpatched server opens the client up to the attack (if all the other requirements are met, of course). It is not safe to rely on proper server settings.
0
 
LVL 68

Expert Comment

by:Qlemo
Comment Utility
Any reason for "B" grade? I'm pretty certain my anser was worth more than that.
0
 
LVL 2

Author Comment

by:NxJNY
Comment Utility
sorry the B grade was a mistake i meant A - any idea how to change it?
0

Featured Post

Enabling OSINT in Activity Based Intelligence

Activity based intelligence (ABI) requires access to all available sources of data. Recorded Future allows analysts to observe structured data on the open, deep, and dark web.

Join & Write a Comment

Trying to figure out group policy inheritance and which settings apply where can be a chore.  Here's a very simple summary I've written which might help.  Keep in mind, this is just a high-level conceptual overview where I try to avoid getting bogge…
If you're not part of the solution, you're part of the problem.   Tips on how to secure IoT devices, even the dumbest ones, so they can't be used as part of a DDoS botnet.  Use PRTG Network Monitor as one of the building blocks, to detect unusual…
This video discusses moving either the default database or any database to a new volume.
Excel styles will make formatting consistent and let you apply and change formatting faster. In this tutorial, you'll learn how to use Excel's built-in styles, how to modify styles, and how to create your own. You'll also learn how to use your custo…

771 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now