How to disable SSL v3 for Microsoft IIS Server?

By | November 28, 2014

Following the recent discovery of the POODLE (Padding Oracle On Downgraded Legacy Encryption) vulnerability in SSLv3, you may want to disable the protocol to protect yourself and your visitors against this exploit. Here is the procedure for Windows Server/IIS. Note that older/obsolete browsers do not implement TLS; shame on users for not doing their updates then!

1. Open the registry editor :

regedit.exe

2. Browse to the following registry location :

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\Schannel\Protocols

3. Create a new key under Protocols :

[Protocols] Right click and then click on New > Key

4. Name the key as :

SSL 3.0

5. Create a new key (Client) under SSL 3.0 :

[SSL 3.0] Right click and then click on New > Key

6. Name the key as :

Client

7. Create a new DWORD value under Client key :

[Client] Right click and then click on New > DWORD (32-bit)

8. Name the new value as :

DisabledByDefault

9. Set DisabledByDefault value to :

1

10. Create a new key (Server) under SSL 3.0 :

[SSL 3.0] Right click and then click on New > Key

11. Name the key as :

Server

12. Create a new DWORD value under Server key :

[Server] Right click and then click on New > DWORD (32-bit)

13. Name the new value as :

Enabled

14. Set Enabled value to :

0

15. You may now reboot your system to make that change effective.