Link to home
Create AccountLog in
Avatar of cja-tech-guy
cja-tech-guyFlag for United States of America

asked on

Disable SSL 3

Hello Experts
Should we disable SSL 3 on our server?  What other programs will be affected by doing this?

I found the steps below, is this the best way to disable SSL 3?

Thanks,
cja

Microsoft IIS: How to Disable the SSL v3 Protocol

Open the Registry Editor and run it as administrator.

For example, in Windows 2012:

On the Start screen type regedit.exe.

Right-click on regedit.exe and click Run as administrator.

In the Registry Editor window, go to:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\Schannel\Protocols\

Windows Registry Key

In the navigation tree, right-click on Protocols, and in the pop-up menu, click New > Key.

Windows Registry Key

Name the key, SSL 3.0.

In the navigation tree, right-click on the new SSL 3.0 key that you just created, and in the pop-up menu, click New > Key.

Windows Registry Key

Name the key, Client.

In the navigation tree, right-click on the new SSL 3.0 key again, and in the pop-up menu, click New > Key.

Windows Registry Key

Name the key, Server.

In the navigation tree, under SSL 3.0, right-click on Client, and in the pop-up menu, click New > DWORD (32-bit) Value.

Windows Registry Key

Name the value DisabledByDefault.

In the navigation tree, under SSL 3.0, select Client and then, in the right pane, double-click the DisabledByDefault DWORD value.

Windows Registry Key

In the Edit DWORD (32-bit) Value window, in the Value Data box change the value to 1 and then, click OK.

In the navigation tree, under SSL 3.0, right-click on Server, and in the pop-up menu, click New > DWORD (32-bit) Value.

Windows Registry Key

Name the value Enabled.

In the navigation tree, under SSL 3.0, select Server and then, in the right pane, double-click the Enabled DWORD value.

Windows Registry Key

In the Edit DWORD (32-bit) Value window, in the Value Data box leave the value at 0 and then, click OK.

Restart your Windows server.

You have successfully disabled the SSL v3 protocol.
ASKER CERTIFIED SOLUTION
Avatar of Patrick Bogers
Patrick Bogers
Flag of Netherlands image

Link to home
membership
Create an account to see this answer
Signing up is free. No credit card required.
Create Account
Avatar of cja-tech-guy

ASKER

Are the steps I sent with the question the best way to disable it?
Best way? I think not. I prefer iiscrypto to do the job.
https://www.nartac.com/Products/IISCrypto

Cheers
Ok, but do the steps listed look correct?
Yes for just cutting out ssl 3 they look fine.
thanks