How to Disable SSL 3.0

Keystyle Support Team -

http://disablessl3.com/

https://blog.mozilla.org/security/2014/10/14/the-poodle-attack-and-the-end-of-ssl-3-0/

 

Why should you disable SSL 3.0/SSLv3?

"Google engineers pointed out that SSLv3 is broken (with an exploitation technique known as POODLE) and should not be used any longer. There is a patch, but it does not mitigate the issue completely as it will work only if both sides of the connection have been patched. SSLv3 is nearly 18 years old, but support for it remains widespread. Clients and servers should disable SSLv3 as soon as possible."

 

How to disable SSL3.0?

  1. Open the Registry Editor and run it as administrator.

For example, in Windows 2012:

  1. On theStart screen type exe.
  2. Right-click onexe and click Run as administrator.
  1. In theRegistry Editor window, go to:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\Schannel\Protocols\

 

  1. In the navigation tree, right-click on Protocols, and in the pop-up menu, click New > Key.
  2. Name the key, SSL 3.0.
  3. In the navigation tree, right-click on the new SSL 3.0 key that you just created, and in the pop-up menu, click New > Key.
  4. Name the key, Client.
  5. In the navigation tree, right-click on the new SSL 3.0 key again, and in the pop-up menu, click New > Key.
  6. Name the key, Server.
  7. In the navigation tree, under SSL 3.0, right-click on Client, and in the pop-up menu, click New > DWORD (32-bit) Value.
  8. Name the value DisabledByDefault.
  9. In the navigation tree, under SSL 3.0, select Client and then, in the right pane, double-click the DisabledByDefault DWORD value.
  10. In the Edit DWORD (32-bit) Value window, in the Value Data box change the value to 1 and then, click OK.
  11. In the navigation tree, under SSL 3.0, right-click on Server, and in the pop-up menu, click New > DWORD (32-bit) Value.
  12. Name the value Enabled.
  13. In the navigation tree, under SSL 3.0, select Server and then, in the right pane, double-click the Enabled DWORD value.
  14. In the Edit DWORD (32-bit) Value window, in the Value Data box leave the value at 0 and then, click OK.
  15. Restart your Windows server.

 

Have more questions? Submit a request

0 Comments

Please sign in to leave a comment.
Powered by Zendesk