Solved

Missing Registry Key for SSL 3.0

Posted on 2010-09-13
2
1,865 Views
Last Modified: 2012-06-21
I need to change from SSL 2.0 to SSL 3.0 for a website running inside a DMZ on a Windows 7 box.  (Strange set up, I know, but it is what the business needs require.)  I have read other posts on this subject and the accepted method seems to be the following:

•Open Registry Editor.
•Select HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0\Server
•On the Edit menu select New then DWORD Value
•Name the new value Enabled
•Ensure the value is set to 0
•Restart the server

I have also read this Microsoft article.

http://support.microsoft.com/default.aspx/kb/187498

However, it seems to me that these instructions only take the action of DISABLING 2.0.  In my system there is no key for SSL 3.0.  So, if I disable SSL 2.0 without a key being prsent for SSL 3.0 will the site no longer to be able to function on HTTPS?  Is there a procedure I should follow to get SSL 3.0 installed on a Windows 7 system?

0
Comment
Question by:Lynn Huff
2 Comments
 
LVL 31

Expert Comment

by:Paranormastic
ID: 33666903
SSL2 is normally disabled on server 2008 / win7, SSL3 is normally enabled.  You can use the above registry to ensure that SSLv2 is disabled.  You can do the same registry changing SSL 3.0\server and set the value to 1 instead of 0 to ensure that SSLv3 is enabled, although you shouldn't have to.

If you are concerned if a particular version works or doesn't, I would suggest using OpenSSL.  This tool is normally used for various certificate things, which SSL requires certs.  You can google openssl download and whatever version of windows you want to install it on for a download link.  It is free opensource and has been around for many years.

Using openssl to connect only with SSLv3 to make sure it is enabled:
%opensslpath%\bin\openssl.exe s_client -host server.domain.com -port 443 -ssl3

can use the same with -ssl2 isntead of -ssl3 to try to connect using SSLv2 to make sure it does not work.
0
 
LVL 3

Accepted Solution

by:
Lynn Huff earned 0 total points
ID: 33672656
I moved this problem to a test environment and went ahead and changed the registry key for SSL 2.0 even though there was no corresponding registry key for SSL 3.0.  The site now uses SSL 3.0 even without a registry key for 3.0.  Not sure why this works, but my problem is solved none the less.
0

Featured Post

What Should I Do With This Threat Intelligence?

Are you wondering if you actually need threat intelligence? The answer is yes. We explain the basics for creating useful threat intelligence.

Join & Write a Comment

We've all had that page pop up telling us there is a problem with the certificate and some of us continue on anyways and others run away to a safer competing site.  But what to do when you get the error - is it your problem or theirs?  What can you …
SSL stands for “Secure Sockets Layer” and an SSL certificate is a critical component to keeping your website safe, secured, and compliant. Any ecommerce website must have an SSL certificate to ensure the safe handling of sensitive information like…
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
This video shows how to remove a single email address from the Outlook 2010 Auto Suggestion memory. NOTE: For Outlook 2016 and 2013 perform the exact same steps. Open a new email: Click the New email button in Outlook. Start typing the address: …

759 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

23 Experts available now in Live!

Get 1:1 Help Now