You are here

Home

How to disable SSL 3.0 - Windows IIS Server

Submitted by Asif Nowaj, Last Modified on 2019-11-08

If your Windows IIS server still supporting SSL v2 and SSL v3, you might need to disable them immediately. These old protocols are having very well known security vulnerabilities like POODLE. These protocols are already deprecated long back. See a brief details at What is TLS.

Below steps to disable SSL 3.0 is for Windows IIS Server 2012. But you might have an idea on how this might be working on other operating systems like Windows Server 2008, Windows Server 2008 R2 This involves modification of your server's registry and mistake or misuse may result damage your Operating system. So please take it at your own risk.

How to Disable the SSL 3.0 Protocol in Windows Server 2012

  1. Open the Registry Editor and run it as administrator. By writing regedit.exe and then right-click on regedit.exe and click Run as administrator.
  2. In the Registry Editor window, go to: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\Schannel\Protocols\
  3. In the navigation tree, right-click on Protocols, and in the pop-up menu, click New > Key.
  4. Name the key, SSL 3.0.
  5. In the navigation tree, right-click on the new SSL 3.0 key that you just created, and in the pop-up menu, click New > Key.
  6. Name the key, Client.
  7. In the navigation tree, right-click on the new SSL 3.0 key again, and in the pop-up menu, click New > Key.
  8. Name the key, Server.
  9. In the navigation tree, under SSL 3.0, right-click on Client, and in the pop-up menu, click New > DWORD (32-bit) Value.
  10. Name the value DisabledByDefault.
  11. In the navigation tree, under SSL 3.0, select Client and then, in the right pane, double-click the DisabledByDefault DWORD value.
  12. In the Edit DWORD (32-bit) Value window, in the Value Data box change the value to 1 and then, click OK.
  13. In the navigation tree, under SSL 3.0, right-click on Server, and in the pop-up menu, click New > DWORD (32-bit) Value.
  14. Name the value Enabled.
  15. In the navigation tree, under SSL 3.0, select Server and then, in the right pane, double-click the Enabled DWORD value.
  16. In the Edit DWORD (32-bit) Value window, in the Value Data box leave the value at 0 and then, click OK.
  17. Restart your Windows server.

You have successfully disabled the SSL v3 protocol.

  • 142 reads

Discussion or Comment

If you have anything in mind to share, please bring it in the discussion forum here.

https://forum.everyething.com/tls-f37/