Easily protect Firefox on SLED on multiple machines against POODLE attack


As has been much publicised recently (including in Understanding POODLE), an unfixable vulnerability has been found in SSLv3, and it is recommended that support for it be disabled. Mozilla have said that SSLv3 will be disabled by default in Firefox 34, but SLED, very sensibly for an enterprise distro, uses the Extended Support Releases of Firefox, so a version of Firefox in which SSLv3 is disabled by default may be some time away for SLED users.

If you want to easily disable use of SSLv3 in Firefox on lots of SLED machines, the solution lies in a previous SUSE Conversations submission, Setting and locking Firefox preferences in SLED. (The article says it assumes SLED 11 SP3 with Firefox ESR 24 but it also works for SLED 12 with Firefox ESR 31.)

To disable use of SSLv3 and prevent users from enabling it, add this line to initech.cfg:

lockPref("security.tls.version.min", 1);

If you want to disable it by default but allow users to enable it should they want to, add this line to aaa_initech.js:

pref("security.tls.version.min", 1);

To test the setting, go to https://poodle.io/ and you should see “Good News! Your browser does not support SSLv3.”
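To confirm on each machine that the preference file really carries the setting, and whether it is locked, a check like the following can be run against initech.cfg or aaa_initech.js. This is an added example, not part of the original article; the function name tls_min_status and its exit codes are assumptions made for illustration, and it does not handle unlockPref or /* */ block comments.

```shell
#!/bin/sh
# Added example: audit Firefox preference files for security.tls.version.min.
# Firefox value meanings: 0 = SSL 3.0, 1 = TLS 1.0, 2 = TLS 1.1, 3 = TLS 1.2.

# tls_min_status FILE  (hypothetical helper name)
# Prints "locked:N", "default:N" or "missing".
# Returns 0: SSLv3 disabled and locked
#         1: SSLv3 disabled, but users can change the pref
#         2: SSLv3 still allowed, or the pref is not set in FILE
tls_min_status() {
    pat='\("security\.tls\.version\.min"[[:space:]]*,[[:space:]]*[0-9]+[[:space:]]*\)'
    # A lockPref() wins over any pref()/defaultPref() in the same file.
    # Lines starting with // do not match because of the ^ anchor.
    line=$(grep -E "^[[:space:]]*lockPref$pat" "$1" 2>/dev/null | tail -n 1)
    state=locked
    if [ -z "$line" ]; then
        line=$(grep -E "^[[:space:]]*(pref|defaultPref)$pat" "$1" 2>/dev/null | tail -n 1)
        state=default
    fi
    [ -n "$line" ] || { echo missing; return 2; }
    # Extract the numeric value that follows the pref name.
    val=$(printf '%s\n' "$line" |
        sed 's/.*version\.min"[[:space:]]*,[[:space:]]*\([0-9][0-9]*\).*/\1/')
    echo "$state:$val"
    [ "$val" -ge 1 ] || return 2
    [ "$state" = locked ] && return 0
    return 1
}

# Audit every file named on the command line.
for f in "$@"; do
    rc=0
    out=$(tls_min_status "$f") || rc=$?
    printf '%s: %s (exit %s)\n' "$f" "$out" "$rc"
done
```

Pass it the full paths of the preference files as deployed on the machine; any exit code other than 0 means SSLv3 is either still allowed or can be re-enabled by the user.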


Comments

  • mikewillis says:

    As of 19th November SUSE are shipping Firefox for SLED 11 SP3 with SSLv3 disabled by default. It is still enabled by default for SLED 12.

  • mikewillis says:

    As of 27th November SUSE are shipping Firefox for SLED 12 with SSLv3 disabled by default.
