Lynn Huff
asked on
Missing Registry Key for SSL 3.0
I need to change from SSL 2.0 to SSL 3.0 for a website running inside a DMZ on a Windows 7 box. (Strange set up, I know, but it is what the business needs require.) I have read other posts on this subject and the accepted method seems to be the following:
•Open Registry Editor.
•Select HKEY_LOCAL_MACHINE\System\ CurrentCon trolSet\Co ntrol\Secu rityProvid ers\SCHANN EL\Protoco ls\SSL 2.0\Server
•On the Edit menu select New then DWORD Value
•Name the new value Enabled
•Ensure the value is set to 0
•Restart the server
I have also read this Microsoft article.
http://support.microsoft.com/default.aspx/kb/187498
However, it seems to me that these instructions only take the action of DISABLING 2.0. In my system there is no key for SSL 3.0. So, if I disable SSL 2.0 without a key being prsent for SSL 3.0 will the site no longer to be able to function on HTTPS? Is there a procedure I should follow to get SSL 3.0 installed on a Windows 7 system?
•Open Registry Editor.
•Select HKEY_LOCAL_MACHINE\System\
•On the Edit menu select New then DWORD Value
•Name the new value Enabled
•Ensure the value is set to 0
•Restart the server
I have also read this Microsoft article.
http://support.microsoft.com/default.aspx/kb/187498
However, it seems to me that these instructions only take the action of DISABLING 2.0. In my system there is no key for SSL 3.0. So, if I disable SSL 2.0 without a key being prsent for SSL 3.0 will the site no longer to be able to function on HTTPS? Is there a procedure I should follow to get SSL 3.0 installed on a Windows 7 system?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
If you are concerned if a particular version works or doesn't, I would suggest using OpenSSL. This tool is normally used for various certificate things, which SSL requires certs. You can google openssl download and whatever version of windows you want to install it on for a download link. It is free opensource and has been around for many years.
Using openssl to connect only with SSLv3 to make sure it is enabled:
%opensslpath%\bin\openssl.
can use the same with -ssl2 isntead of -ssl3 to try to connect using SSLv2 to make sure it does not work.