How do you disable SSL 3.0 on Windows Server 2008 R2 – IIS 7.5 for the Poodle Vulerability?
The vulnerability in the protocol itself so there is no patch for this. To solve the vulnerability, browse to:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\Schannel\Protocols in the registry.
Create a subkey named “SSL 3.0″ and another subkey under that named “Server”
In the “Server” subkey create a DWORD value named “Enabled” and leave it set at 0
You should also disable SSL 2.0 the same way except create a subkey call “SSL 2.0″
Qualys SSL Labs offer a tool to test your web servers here: https://www.ssllabs.com/ssltest/
You can then export the registry hive and import it to other web servers you may have.
Log in to answer.
Copyright © dBuggr.com - All Rights Reserved.