Solved

Missing Registry Key for SSL 3.0

Posted on 2010-09-13
2
1,960 Views
Last Modified: 2012-06-21
I need to change from SSL 2.0 to SSL 3.0 for a website running inside a DMZ on a Windows 7 box.  (Strange set up, I know, but it is what the business needs require.)  I have read other posts on this subject and the accepted method seems to be the following:

•Open Registry Editor.
•Select HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0\Server
•On the Edit menu select New then DWORD Value
•Name the new value Enabled
•Ensure the value is set to 0
•Restart the server

I have also read this Microsoft article.

http://support.microsoft.com/default.aspx/kb/187498

However, it seems to me that these instructions only take the action of DISABLING 2.0.  In my system there is no key for SSL 3.0.  So, if I disable SSL 2.0 without a key being prsent for SSL 3.0 will the site no longer to be able to function on HTTPS?  Is there a procedure I should follow to get SSL 3.0 installed on a Windows 7 system?

0
Comment
Question by:Lynn Huff
2 Comments
 
LVL 31

Expert Comment

by:Paranormastic
ID: 33666903
SSL2 is normally disabled on server 2008 / win7, SSL3 is normally enabled.  You can use the above registry to ensure that SSLv2 is disabled.  You can do the same registry changing SSL 3.0\server and set the value to 1 instead of 0 to ensure that SSLv3 is enabled, although you shouldn't have to.

If you are concerned if a particular version works or doesn't, I would suggest using OpenSSL.  This tool is normally used for various certificate things, which SSL requires certs.  You can google openssl download and whatever version of windows you want to install it on for a download link.  It is free opensource and has been around for many years.

Using openssl to connect only with SSLv3 to make sure it is enabled:
%opensslpath%\bin\openssl.exe s_client -host server.domain.com -port 443 -ssl3

can use the same with -ssl2 isntead of -ssl3 to try to connect using SSLv2 to make sure it does not work.
0
 
LVL 3

Accepted Solution

by:
Lynn Huff earned 0 total points
ID: 33672656
I moved this problem to a test environment and went ahead and changed the registry key for SSL 2.0 even though there was no corresponding registry key for SSL 3.0.  The site now uses SSL 3.0 even without a registry key for 3.0.  Not sure why this works, but my problem is solved none the less.
0

Featured Post

Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

So you need a certificate so you can offer SSL encryption.  But which one should you get?  There are so many choices out there! Here is a generic overview of the main types of SSL certificates sold by the majority of commercial Certification Auth…
Microservice architecture adoption brings many advantages, but can add intricacy. Selecting the right orchestration tool is most important for business specific needs.
A short tutorial showing how to set up an email signature in Outlook on the Web (previously known as OWA). For free email signatures designs, visit https://www.mail-signatures.com/articles/signature-templates/?sts=6651 If you want to manage em…
In a recent question (https://www.experts-exchange.com/questions/29004105/Run-AutoHotkey-script-directly-from-Notepad.html) here at Experts Exchange, a member asked how to run an AutoHotkey script (.AHK) directly from Notepad++ (aka NPP). This video…

820 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question