/build/static/layout/Breadcrumb_cap_w.png

K1000, K2000 POODLE and SSLv3

I keep checking to see if Dell KACE has a patch for POODLE, but haven't seen one.  Anyone else wondering how to change their K1000 and K2000 from accepting SSLv3?  I tested both of our appliances with: http://www.bolet.org/TestSSLServer/   and yes SSLv3 is accepted on both.  

1 Comment   [ + ] Show comment
  • Thanks for the answers, I'm aware of how to change this on the browser, but how do we patch or turn off SSLv3 on the KACE appliances themselves? - statusquo 9 years ago
    • you need to wait for Kace to issue a patch or call support to see if they can go in on the backend and disable it. This is a os/web server level change - SMal.tmcc 9 years ago

Answers (4)

Answer Summary:
Posted by: Drave 8 years ago
Purple Belt
1
Version 6.4 has disabled SSLv3.

If you check the release notes it mentions that SSLv3 is disabled.

https://support.software.dell.com/download/downloads?id=6060035

POODLE is no longer an issue according to them.
Posted by: bkelly 9 years ago
Red Belt
1
A public response to this vulnerability has been posted at http://www.kace.com/support/resources/kb/solutiondetail?sol=136510
Posted by: SMal.tmcc 9 years ago
Red Belt
1
If you change the settings on your browsers to use TLS that will fix it.  both ends need to be running ssl for the MTM to work plus since it is a MTM attack they have to be on your network.

to change your browsers:

for chrome on x86

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\ChromeHTML\shell\open\command]
@="\"C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe\" --ssl-version-min=tls1 -- \"%1\""

for chrome on x64

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\ChromeHTML\shell\open\command]
@="\"C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe\" --ssl-version-min=tls1 -- \"%1\""

for ie

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings]
"SecureProtocols"=dword:00000a80

For Firefox we run a kscript batch file as user

cd /D "%APPDATA%\Mozilla\Firefox\Profiles\*.default"
echo user_pref("security.tls.version.min", 1);>>prefs.js

these all require a restart to take effect.  our machines are shutdown at night so within a day the fix was in place.  We made this a low-med priority since it requires a MTM.




Comments:
  • to test client browsers go to
    www.poodletest.com - SMal.tmcc 9 years ago
Posted by: SMal.tmcc 9 years ago
Red Belt
1
oh also to disable ssl on windows machines

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0\Client]
"DisabledByDefault"=dword:00000001

Don't be a Stranger!

Sign up today to participate, stay informed, earn points and establish a reputation for yourself!

Sign up! or login

Share

 
This website uses cookies. By continuing to use this site and/or clicking the "Accept" button you are providing consent Quest Software and its affiliates do NOT sell the Personal Data you provide to us either when you register on our websites or when you do business with us. For more information about our Privacy Policy and our data protection efforts, please visit GDPR-HQ