Solved

How to disable SSL 3.0 in IE and the registry on W2008 servers

Posted on 2015-01-21
2
372 Views
Last Modified: 2015-01-22
We're trying to ensure that our W2008 servers do not use SSL 3.0. I've disabled the keys under HKey Local Machine and in IE but the servers are still using SSL 3.0. There must be another setting somewhere. Any ideas?
0
Comment
Question by:allysonhouston
2 Comments
 
LVL 61

Accepted Solution

by:
btan earned 500 total points
Comment Utility
I believe you have followed this to disable the client and server - do first close all open Internet Explorer windows and re-test @ https://technet.microsoft.com/en-us/library/security/3009008.aspx

But for the registry specifically, do check this out instead. By default, Client SSL 2.0 is disabled in Windows Server 2008, Windows Server 2008 R2, and Windows 7. This means that the computer will not use SSL 2.0 to start a Client Hello. So to disable SSLv3 protocols, see below
 @ https://support.microsoft.com/kb/245030

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\Schannel\Protocols\SSL 3.0]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\Schannel\Protocols\SSL 3.0\Client]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\Schannel\Protocols\SSL 3.0\Server]
"Enabled"=dword:00000000

After you do take this action, you have to restart the server.
0
 

Author Closing Comment

by:allysonhouston
Comment Utility
Thank you for the clarification!
0

Featured Post

Find Ransomware Secrets With All-Source Analysis

Ransomware has become a major concern for organizations; its prevalence has grown due to past successes achieved by threat actors. While each ransomware variant is different, we’ve seen some common tactics and trends used among the authors of the malware.

Join & Write a Comment

A brand new malware strain was recently discovered by security researchers at Palo Alto Networks dubbed “AceDeceiver.” This new strain of iOS malware can successfully infect non-jailbroken devices and jailbroken devices alike.
OfficeMate Freezes on login or does not load after login credentials are input.
In this seventh video of the Xpdf series, we discuss and demonstrate the PDFfonts utility, which lists all the fonts used in a PDF file. It does this via a command line interface, making it suitable for use in programs, scripts, batch files — any pl…
When you create an app prototype with Adobe XD, you can insert system screens -- sharing or Control Center, for example -- with just a few clicks. This video shows you how. You can take the full course on Experts Exchange at http://bit.ly/XDcourse.

744 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now