asked on Disable SSL 3
Hello Experts
Should we disable SSL 3 on our server? What other programs will be affected by doing this?
I found the steps below, is this the best way to disable SSL 3?
Thanks,
cja
Microsoft IIS: How to Disable the SSL v3 Protocol
Open the Registry Editor and run it as administrator.
For example, in Windows 2012:
On the Start screen type regedit.exe.
Right-click on regedit.exe and click Run as administrator.
In the Registry Editor window, go to:
HKEY_LOCAL_MACHINE\SYSTEM\
Windows Registry Key
In the navigation tree, right-click on Protocols, and in the pop-up menu, click New > Key.
Windows Registry Key
Name the key, SSL 3.0.
In the navigation tree, right-click on the new SSL 3.0 key that you just created, and in the pop-up menu, click New > Key.
Windows Registry Key
Name the key, Client.
In the navigation tree, right-click on the new SSL 3.0 key again, and in the pop-up menu, click New > Key.
Windows Registry Key
Name the key, Server.
In the navigation tree, under SSL 3.0, right-click on Client, and in the pop-up menu, click New > DWORD (32-bit) Value.
Windows Registry Key
Name the value DisabledByDefault.
In the navigation tree, under SSL 3.0, select Client and then, in the right pane, double-click the DisabledByDefault DWORD value.
Windows Registry Key
In the Edit DWORD (32-bit) Value window, in the Value Data box change the value to 1 and then, click OK.
In the navigation tree, under SSL 3.0, right-click on Server, and in the pop-up menu, click New > DWORD (32-bit) Value.
Windows Registry Key
Name the value Enabled.
In the navigation tree, under SSL 3.0, select Server and then, in the right pane, double-click the Enabled DWORD value.
Windows Registry Key
In the Edit DWORD (32-bit) Value window, in the Value Data box leave the value at 0 and then, click OK.
Restart your Windows server.
You have successfully disabled the SSL v3 protocol.
Should we disable SSL 3 on our server? What other programs will be affected by doing this?
I found the steps below, is this the best way to disable SSL 3?
Thanks,
cja
Microsoft IIS: How to Disable the SSL v3 Protocol
Open the Registry Editor and run it as administrator.
For example, in Windows 2012:
On the Start screen type regedit.exe.
Right-click on regedit.exe and click Run as administrator.
In the Registry Editor window, go to:
HKEY_LOCAL_MACHINE\SYSTEM\
Windows Registry Key
In the navigation tree, right-click on Protocols, and in the pop-up menu, click New > Key.
Windows Registry Key
Name the key, SSL 3.0.
In the navigation tree, right-click on the new SSL 3.0 key that you just created, and in the pop-up menu, click New > Key.
Windows Registry Key
Name the key, Client.
In the navigation tree, right-click on the new SSL 3.0 key again, and in the pop-up menu, click New > Key.
Windows Registry Key
Name the key, Server.
In the navigation tree, under SSL 3.0, right-click on Client, and in the pop-up menu, click New > DWORD (32-bit) Value.
Windows Registry Key
Name the value DisabledByDefault.
In the navigation tree, under SSL 3.0, select Client and then, in the right pane, double-click the DisabledByDefault DWORD value.
Windows Registry Key
In the Edit DWORD (32-bit) Value window, in the Value Data box change the value to 1 and then, click OK.
In the navigation tree, under SSL 3.0, right-click on Server, and in the pop-up menu, click New > DWORD (32-bit) Value.
Windows Registry Key
Name the value Enabled.
In the navigation tree, under SSL 3.0, select Server and then, in the right pane, double-click the Enabled DWORD value.
Windows Registry Key
In the Edit DWORD (32-bit) Value window, in the Value Data box leave the value at 0 and then, click OK.
Restart your Windows server.
You have successfully disabled the SSL v3 protocol.
Windows OSSSL / HTTPSGolang
Last Comment
cja-tech-guy
ASKER CERTIFIED SOLUTION
THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
ASKER
Are the steps I sent with the question the best way to disable it?
Best way? I think not. I prefer iiscrypto to do the job.
https://www.nartac.com/Products/IISCrypto
Cheers
https://www.nartac.com/Products/IISCrypto
Cheers
ASKER
Ok, but do the steps listed look correct?
Yes for just cutting out ssl 3 they look fine.
ASKER
thanks