• State Not Answered
  • Locked Locked
  • Replies 5 replies
  • Subscribers 21 subscribers
  • Views 1789 views
  • Users 0 members are here
Options
Related
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

How do I turn off ssl 3.0 support in the web server? (CVE-2014-3566 poodle)

neilgbrookins

I'm using ipMonitor which has a build-in web server. I need to turn off SSL 3.0 support in the server to prevent an attack via poodle, CVE-2014-3566.

Is there a setting that allows this to be accomplished?

  • 0

    Would you like to turn off HTTPS access?  Also what kind of certificate are you using?

  • 0 in reply to bkyle

    We are using the standard self-signed cert.

    Sent from my iWatch

  • 0 in reply to bkyle

    No, I don't want to turn off https. I want to force the use of tls and not allow ssl 3 at all. Please google for poodle for more details.

    Sent from my iWatch

  • 0
    I'm using ipMonitor which has a build-in web server. I need to turn off SSL 3.0 support in the server


    Instructions for removing SSL v3 support (or other protocols) is covered in Microsoft KB187498.


    Essentially you create a RegValue named "Enabled" in the relevant KEY and set it to DWORD=0x0

  • 0 in reply to neilgbrookins

    Hi, you can force TLS communication channel instead of using SSLv3 by adding registry entries mentioned bellow.

    Just open your command line with Run as administrator and paste these commands:

    REG ADD "HKLM\System\CurrentControlSet\Control\SecurityProviders\SChannel\Protocols\SSL 2.0\Server" /v Enabled /t REG_DWORD /d 0 /f

    REG ADD "HKLM\System\CurrentControlSet\Control\SecurityProviders\SChannel\Protocols\SSL 2.0\Client" /v Enabled /t REG_DWORD /d 0 /f

    REG ADD "HKLM\System\CurrentControlSet\Control\SecurityProviders\SChannel\Protocols\SSL 3.0\Server" /v Enabled /t REG_DWORD /d 0 /f

    REG ADD "HKLM\System\CurrentControlSet\Control\SecurityProviders\SChannel\Protocols\SSL 3.0\Client" /v Enabled /t REG_DWORD /d 0 /f

    REG ADD "HKLM\System\CurrentControlSet\Control\SecurityProviders\SChannel\Protocols\SSL 2.0\Server" /v DisabledByDefault /t REG_DWORD /d 1 /f

    REG ADD "HKLM\System\CurrentControlSet\Control\SecurityProviders\SChannel\Protocols\SSL 2.0\Client" /v DisabledByDefault /t REG_DWORD /d 1 /f

    REG ADD "HKLM\System\CurrentControlSet\Control\SecurityProviders\SChannel\Protocols\SSL 3.0\Server" /v DisabledByDefault /t REG_DWORD /d 1 /f

    REG ADD "HKLM\System\CurrentControlSet\Control\SecurityProviders\SChannel\Protocols\SSL 3.0\Client" /v DisabledByDefault /t REG_DWORD /d 1 /f

    REG ADD "HKLM\System\CurrentControlSet\Control\SecurityProviders\SChannel\Protocols\TLS 1.0\Server" /v Enabled /t REG_DWORD /d 1 /f

    REG ADD "HKLM\System\CurrentControlSet\Control\SecurityProviders\SChannel\Protocols\TLS 1.0\Client" /v Enabled /t REG_DWORD /d 1 /f

    REG ADD "HKLM\System\CurrentControlSet\Control\SecurityProviders\SChannel\Protocols\TLS 1.1\Server" /v Enabled /t REG_DWORD /d 1 /f

    REG ADD "HKLM\System\CurrentControlSet\Control\SecurityProviders\SChannel\Protocols\TLS 1.1\Client" /v Enabled /t REG_DWORD /d 1 /f

    REG ADD "HKLM\System\CurrentControlSet\Control\SecurityProviders\SChannel\Protocols\TLS 1.2\Server" /v Enabled /t REG_DWORD /d 1 /f

    REG ADD "HKLM\System\CurrentControlSet\Control\SecurityProviders\SChannel\Protocols\TLS 1.2\Client" /v Enabled /t REG_DWORD /d 1 /f

    Then restart your OS and now only TLS channels could be used.

SolarWinds solutions are rooted in our deep connection to our user base in the THWACK® online community. More than 190,000 members are here to solve problems, share technology and best practices, and directly contribute to our product development process.

SolarWinds Customer Success Center Certification SolarWinds Lab Link Accounts
About THWACK Blogs Federal & Government Edit Settings Free Tools & Trials
Legal Documents Terms of Use Privacy California Privacy Rights Security Information
©2021 SolarWinds Worldwide, LLC. All Rights Reserved.