SSL v3 / POODLE Vulnerability - Update your ARD Scripts

In response to the recently announced SSL CVE, we will be removing SSLv3 from the list of protocols our servers accept.

In our testing, this has no effect on our agent’s ability to submit its reports, nor on the auto-update process.

However, in our Apple Remote Desktop usage examples, we indicated that --sslv3 should be used to download the installer to remote computers during installation.

Once this change is completed, the --sslv3 flag will no longer function.
If you have saved the deployment script to your ARD admin console, you’ll want to replace --sslv3 with the TLS flag -1.

The -L flag lets curl follow the redirect to S3, where the installers are housed.
The -1 flag instructs curl to use TLSv1. (Only Yosemite allows the specification of TLS versions.)

PS This is Allen’s favorite use of ARD EVER ;-).

Everyone: a reminder that scripts created using the previously suggested --sslv3 will require updating.

The most recent command, suitable for copying & pasting into Apple Remote Desktop or your other deployment scripts, can be found at

link_url/installers/mac/scripted

If you’ve already saved the scripts elsewhere, please update them by replacing --sslv3 with -1.

In case you’re wondering, the related curl flags are:

  • -L allows redirection, currently required to pull the installer from its S3 host.
  • -1 is required on 10.7 or lower to force TLS for negotiation. (Scripts targeting 10.8+ can omit the -1 TLS 1.0 specification.)
  • If your script targets Mac OS X 10.5, the -k flag, which turns off curl's certificate verification, is required unless you’ve already patched the built-in curl binary.
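
The flag rules above and the --sslv3 replacement, as an added example that is not the vendor's own script. The function names, the sample deployment line and the example.invalid URL are constructed for illustration, and version strings are assumed to be of the form 10.x.

```shell
#!/bin/sh
# Added example, not the vendor's script; function names are hypothetical.

# Print the curl flags the list above calls for, given an OS X version
# string such as "10.7.5" (assumes a 10.x version).
curl_flags_for() {
    minor=${1#10.}       # "10.7.5" -> "7.5"
    minor=${minor%%.*}   # "7.5"    -> "7"
    flags="-L"           # always follow the redirect to the installer host
    if [ "$minor" -le 7 ]; then flags="$flags -1"; fi  # force TLS on 10.7 or lower
    if [ "$minor" -eq 5 ]; then flags="$flags -k"; fi  # 10.5 with unpatched curl
    printf '%s\n' "$flags"
}

# Replace --sslv3 with -1 on curl lines of a saved script, keeping a .bak copy.
# Prints the number of lines changed; leaves the file untouched when it is 0.
fix_sslv3() {
    file=$1
    [ -f "$file" ] || return 1
    hits=$(grep -c -E 'curl.*[[:space:]]--sslv3([[:space:]]|$)' "$file" || true)
    if [ "$hits" -eq 0 ]; then echo 0; return 0; fi
    cp -p "$file" "$file.bak" || return 1
    sed -E '/curl.*[[:space:]]--sslv3([[:space:]]|$)/ s/([[:space:]])--sslv3([[:space:]]|$)/\1-1\2/g' \
        "$file.bak" > "$file" || return 1
    echo "$hits"
}

# Run fix_sslv3 over a constructed two-line script and print the result.
demo_fix() {
    tmp=$(mktemp -d) || return 1
    printf '%s\n' \
        'curl -L --sslv3 -o /tmp/agent.pkg https://example.invalid/agent.pkg' \
        'echo "old flag was --sslv3"' > "$tmp/deploy.sh"
    fix_sslv3 "$tmp/deploy.sh" >/dev/null
    cat "$tmp/deploy.sh"
    rm -rf "$tmp"
}
```

Only whitespace-delimited --sslv3 tokens on lines that invoke curl are rewritten, so mentions of the flag in comments or echo text are left alone.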