Secure Websites Not Responding – Disable SSLv3

With the latest news about the new SSL vulnerability, after the not so long ago HEARTBLEED vulnerability, now we are been threatened by a POODLE. Because of this, browsers are blocking the use of SSLv3 causing some HTTPS websites to stop responding, in my case either in Chromium and Firefox. I noticed that any other website was working fine but every time a tried to access Gmail or Outlook mail services, my browser kept hanging on with the loading icon twirling and twirling, after almost 3 minutes, then I received a prompted error about SSL Certificate error. Do you wonder why the name? Actually, this vulnerability was call POODLE because of its acronym which means, Padding Oracle On Downgraded Legacy Encryption.

If you are having the same problem, this means your browser is susceptible to the POODLE nightmare :-). The only way to fix this problem is disabling SSLv3. These are the solutions for Chromium and Firefox in Ubuntu 14.04 LTS. See my configurations below.

My computer configurations

Disabling SSLv3 in Chromium

To fix your problem in Chromium you have to get your hands dirty and open your Terminal with Ctrl+Alt+T and type in:

~$ sudo gedit /usr/share/applications/chromium-browser.desktop

Type in your password when prompted and Enter/Return. This will open your text editor with administration privileges. Find the line that says:

Exec=chromium-browser %U

and modify it to:

Exec=chromium-browser --ssl-version-min=tls1 %U

Save and close the editor and in the terminal enter command:

~$ sudo gedit /etc/chromium-browser/default

This will allow you to edit the configuration file for Chromium browser, find the line that look something like:

CHROMIUM_FLAGS=""

and modify it with:

CHROMIUM_FLAGS="--ssl-version-min=tls1"

Save and close the browser for the settings to take effect. You might have to sign in again if you have your browser synced.

Disabling SSLv3 in Mozilla Firefox

If you use Mozilla also, as I do, then open your Firefox browser and type in the address bar:

about:config

This will prompt a warning to be careful, press OK.

Firefox warning when configuring by hand

In the search bar type in:

security.tls.version.min

From all the  options that show up use the one that actually says security.tls.version.min, double click in the value column which will prompt you a text field, if the value is not 1 then change this value to 1.

Also you can install the Mozilla extension to disable this by default, found it here.

With this done, you should be able to log in to your email accounts, use your Facebook and any other service that requires SSL encryption. The only thing this does is to use TLS1, TLS2 and TLS3 as the main options for secure communication and avoid using the compromised SSL version 3 service.

For more information about the Poodle thread follow this link or read this PDF file. If you need to information in how to accomplish this in other browsers and operating systems, you can visit this pages:

  1. https://disablessl3.com/
  2. Ask Ubuntu thread – really good

I hope this help you guys… Happy Coding and Happy Developing!

CUPS – Forbiden – Ubuntu 13.10

Wow, I haven’t had a hard time with Ubuntu 13.10 until I bought a new laser printer from Lexmark. The printer was fine and I downloaded all the required files from lexmark.com, but an error pop out from the Ubuntu Software Center stating that the package was malformed. Anyway, I submitted the error to Lexmark and try again with Linux community options. Then I was instructed to use CUPS, which can be accessed typing http://localhost:631 in your browser’s address bar.

As stated in the overview page: “CUPS is the standards-based, open source printing system developed by Apple Inc. for OS® X and other UNIX®-like operating systems. CUPS is the software you use to print from applications like the web browser you are using to read this page. It converts the page descriptions produced by your application (put a paragraph here, draw a line there, and so forth) into something your printer can understand and then sends the information to the printer for printing.”

Now as I was instructed by the community I tried to add a printer but then, the devil popped out, the http authentication window asking for user/password credentials. Well, I figured out that it refers to my login credential so I tried but the page refreshed and a message in the screen saying FORBIDEN.

After reading a couple of forums, I tried refresing the root password, adding my user in the lpadmin group and on and on… and, of course, FORBIDEN became the worst bad word someone could ever said to me that day. I was frustrated. But then the light appeared, and a solution that really works come to my attention that illuminated my way and finally I was able to access the administration section of CUPS web interface. Halleluhiah!

But I will trace my steps just in case this does not work by itself (for this just hit Ctrl+Alt+T to open the terminal):

First download and install drivers from Linux Open Printing:

Find your printer by manufacturer and model. Make sure to download the PPD files too, which you will required when installing.

Adding my user into the lpadmin group using:

sudo usermod -a -G lpadmin username

Adding root user into the lpadmin group using:

sudo usermod -a -G lpadmin username

Edit the CUPS configuration file that can be found in /etc/cups/ with the command:

sudo gedit /etc/cups/cupsd.conf

Add the following lines after the line that says Listen /var/run/cups/cups.sock:
Listen 127.0.0.1:631 #to allow web interface
Listen 192.168.10.250:631 #to allow network access

Find the line <Location /admin/conf> and add in between:
Order allow,deny
Allow @LOCAL

Shoul looks:

AuthType Default
Require user @SYSTEM
Order allow,deny
Allow @LOCAL

Now, what really do the trick, add the following line after WebInterface Yes:

SystemGroup lpadmin

That’s it, try accessing or adding a printer with the web interface a leave a comment if works!

If your problem persists try:


gksudo system-config-printer

And add the printer with the Gnome Interface.

Happy Coding!

Reference:
CUPS web interface wants a password?
Authentication required to modify a printer- what’s the password?
CUPS 403 Forbidden error
Open Printing