{"id":4922,"date":"2023-11-15T15:45:12","date_gmt":"2023-11-15T23:45:12","guid":{"rendered":"https:\/\/SUMMALAI.COM\/?p=4922"},"modified":"2023-11-15T15:45:14","modified_gmt":"2023-11-15T23:45:14","slug":"how-to-disable-ssl-v3-on-windows-servers","status":"publish","type":"post","link":"https:\/\/SUMMALAI.COM\/?p=4922","title":{"rendered":"How to Disable SSL V3 on Windows Servers"},"content":{"rendered":"\n

The best way is to have this done by a free tool called “IIS Crypto” from the Nartac Software. You can download the tool from here.<\/p>\n\n\n\n

https:\/\/www.nartac.com\/<\/a><\/p>\n\n\n\n

<\/p>\n\n\n\n

Below, is a way to get this done manually. but it’s not recommended.<\/p>\n\n\n\n

SSLv3 is an obsolete protocol, the main attack vector on which, at the time of writing, is an attack called\u00a0POODLE<\/a>. Disabling SSLv3 is the ultimate solution to mitigate security risks. Another option suitable for servers that critically require SSLv3 support is a signalizing TLS_FALLBACK_SCSV cipher suite that allows to keep SSLv3 enabled, but prevents downgrade attacks from higher protocols (TLSv1 =< ). Unfortunately, at the time of writing, Microsoft didn\u2019t yet add support for TLS_FALLBACK_SCSV in SChanel. Therefore, disabling SSLv3 is the only mitigation measure a certificate administrator can apply against POODLE in case of a\u00a0Windows Server<\/strong>.<\/p>\n\n\n\n

  1. Open registry editor:Win + R<\/strong>\u00a0>>\u00a0regedit<\/em><\/strong><\/li>
  2. Navigate to:HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\SecurityProviders\\Schannel\\Protocols\\<\/strong>\"Hardening_9.jpg\"<\/li>
  3. By default, there should be only one key presented\u00a0\u201cSSL 2.0\u201d<\/strong>. We need to create a new one for SSLv3Right-click on\u00a0Protocols<\/strong>\u00a0>>\u00a0New\u00a0<\/strong>>>\u00a0Key<\/strong>Name the key\u00a0‘SSL 3.0’<\/strong><\/em>\"Hardening_10.jpg\"<\/li>
  4. Right-click on\u00a0SSL 3.0<\/strong>\u00a0>>\u00a0New\u00a0<\/strong>>>\u00a0Key<\/strong>\"Hardening_11.jpg\"Name the key\u00a0‘Server’<\/strong><\/em><\/li>
  5. Right-click on\u00a0Server<\/strong>\u00a0>>\u00a0New\u00a0<\/strong>>>\u00a0DWORD (32-bit) Value<\/strong>\"Hardening_12.jpg\"Name the value\u00a0Enabled<\/em>‘<\/strong><\/li>
  6. Double-click the\u00a0Enabled<\/strong>\u00a0value and make sure that there is zero (0) in the\u00a0Value Data<\/strong>\u00a0field >> click\u00a0OK<\/strong>\"Hardening_13.jpg\"<\/li>
  7. You may need to restart Windows Server to apply the changes.<\/li><\/ol>\n\n\n\n

    Ref: Disabling SSLv3 – SSL Certificates – Namecheap.com<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"

    The best way is to have this done by a free tool called “IIS Crypto” from the Nartac Software. You can download the tool from here. https:\/\/www.nartac.com\/ Below, is a way to get this done manually. but it’s not recommended. SSLv3 is an obsolete protocol, the main attack vector on which, at the time of Read More<\/a><\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_bbp_topic_count":0,"_bbp_reply_count":0,"_bbp_total_topic_count":0,"_bbp_total_reply_count":0,"_bbp_voice_count":0,"_bbp_anonymous_reply_count":0,"_bbp_topic_count_hidden":0,"_bbp_reply_count_hidden":0,"_bbp_forum_subforum_count":0,"om_disable_all_campaigns":false,"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"footnotes":""},"categories":[10,15],"tags":[1708,1709],"class_list":["post-4922","post","type-post","status-publish","format-standard","hentry","category-microsoft","category-windows-servers","tag-disable-ssl-v3-windows-server","tag-disable-tls-1-0-on-windows-servers"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/SUMMALAI.COM\/index.php?rest_route=\/wp\/v2\/posts\/4922","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/SUMMALAI.COM\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/SUMMALAI.COM\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/SUMMALAI.COM\/index.php?rest_route=\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/SUMMALAI.COM\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=4922"}],"version-history":[{"count":1,"href":"https:\/\/SUMMALAI.COM\/index.php?rest_route=\/wp\/v2\/posts\/4922\/revisions"}],"predecessor-version":[{"id":4923,"href":"https:\/\/SUMMALAI.COM\/index.php?rest_route=\/wp\/v2\/posts\/4922\/revisions\/4923"}],"wp:attachment":[{"href":"https:\/\/SUMMALAI.COM\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=4922"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/SUMMALAI.COM\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=4922"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/SUMMALAI.COM\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=4922"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}