cja-tech-guy
asked on
Disable SSL 3
Hello Experts
Should we disable SSL 3 on our server? What other programs will be affected by doing this?
I found the steps below, is this the best way to disable SSL 3?
Thanks,
cja
Microsoft IIS: How to Disable the SSL v3 Protocol
Open the Registry Editor and run it as administrator.
For example, in Windows 2012:
On the Start screen type regedit.exe.
Right-click on regedit.exe and click Run as administrator.
In the Registry Editor window, go to:
HKEY_LOCAL_MACHINE\SYSTEM\ CurrentCon trolSet\Co ntrol\Secu rityProvid ers\Schann el\Protoco ls\
Windows Registry Key
In the navigation tree, right-click on Protocols, and in the pop-up menu, click New > Key.
Windows Registry Key
Name the key, SSL 3.0.
In the navigation tree, right-click on the new SSL 3.0 key that you just created, and in the pop-up menu, click New > Key.
Windows Registry Key
Name the key, Client.
In the navigation tree, right-click on the new SSL 3.0 key again, and in the pop-up menu, click New > Key.
Windows Registry Key
Name the key, Server.
In the navigation tree, under SSL 3.0, right-click on Client, and in the pop-up menu, click New > DWORD (32-bit) Value.
Windows Registry Key
Name the value DisabledByDefault.
In the navigation tree, under SSL 3.0, select Client and then, in the right pane, double-click the DisabledByDefault DWORD value.
Windows Registry Key
In the Edit DWORD (32-bit) Value window, in the Value Data box change the value to 1 and then, click OK.
In the navigation tree, under SSL 3.0, right-click on Server, and in the pop-up menu, click New > DWORD (32-bit) Value.
Windows Registry Key
Name the value Enabled.
In the navigation tree, under SSL 3.0, select Server and then, in the right pane, double-click the Enabled DWORD value.
Windows Registry Key
In the Edit DWORD (32-bit) Value window, in the Value Data box leave the value at 0 and then, click OK.
Restart your Windows server.
You have successfully disabled the SSL v3 protocol.
Should we disable SSL 3 on our server? What other programs will be affected by doing this?
I found the steps below, is this the best way to disable SSL 3?
Thanks,
cja
Microsoft IIS: How to Disable the SSL v3 Protocol
Open the Registry Editor and run it as administrator.
For example, in Windows 2012:
On the Start screen type regedit.exe.
Right-click on regedit.exe and click Run as administrator.
In the Registry Editor window, go to:
HKEY_LOCAL_MACHINE\SYSTEM\
Windows Registry Key
In the navigation tree, right-click on Protocols, and in the pop-up menu, click New > Key.
Windows Registry Key
Name the key, SSL 3.0.
In the navigation tree, right-click on the new SSL 3.0 key that you just created, and in the pop-up menu, click New > Key.
Windows Registry Key
Name the key, Client.
In the navigation tree, right-click on the new SSL 3.0 key again, and in the pop-up menu, click New > Key.
Windows Registry Key
Name the key, Server.
In the navigation tree, under SSL 3.0, right-click on Client, and in the pop-up menu, click New > DWORD (32-bit) Value.
Windows Registry Key
Name the value DisabledByDefault.
In the navigation tree, under SSL 3.0, select Client and then, in the right pane, double-click the DisabledByDefault DWORD value.
Windows Registry Key
In the Edit DWORD (32-bit) Value window, in the Value Data box change the value to 1 and then, click OK.
In the navigation tree, under SSL 3.0, right-click on Server, and in the pop-up menu, click New > DWORD (32-bit) Value.
Windows Registry Key
Name the value Enabled.
In the navigation tree, under SSL 3.0, select Server and then, in the right pane, double-click the Enabled DWORD value.
Windows Registry Key
In the Edit DWORD (32-bit) Value window, in the Value Data box leave the value at 0 and then, click OK.
Restart your Windows server.
You have successfully disabled the SSL v3 protocol.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Best way? I think not. I prefer iiscrypto to do the job.
https://www.nartac.com/Products/IISCrypto
Cheers
https://www.nartac.com/Products/IISCrypto
Cheers
ASKER
Ok, but do the steps listed look correct?
Yes for just cutting out ssl 3 they look fine.
ASKER
thanks
ASKER