This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

How do I turn off ssl 3.0 support in the web server? (CVE-2014-3566 poodle)

I'm using ipMonitor which has a build-in web server. I need to turn off SSL 3.0 support in the server to prevent an attack via poodle, CVE-2014-3566.

Is there a setting that allows this to be accomplished?

Top Replies

LGarvin over 9 years ago +1

I'm using ipMonitor which has a build-in web server. I need to turn off SSL 3.0 support in the server Instructions for removing SSL v3 support (or other protocols) is covered in Microsoft KB187498 . Essentially…

Parents

0 bkyle over 9 years ago

Would you like to turn off HTTPS access? Also what kind of certificate are you using?
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 bkyle over 9 years ago

Would you like to turn off HTTPS access? Also what kind of certificate are you using?
Cancel
Vote Up 0 Vote Down

Cancel

Children

0 neilgbrookins over 9 years ago in reply to bkyle

We are using the standard self-signed cert.
Sent from my iWatch
Cancel
Vote Up 0 Vote Down

Cancel
0 neilgbrookins over 9 years ago in reply to bkyle

No, I don't want to turn off https. I want to force the use of tls and not allow ssl 3 at all. Please google for poodle for more details.
Sent from my iWatch
Cancel
Vote Up 0 Vote Down

Cancel
0 MartinLucan over 9 years ago in reply to neilgbrookins

Hi, you can force TLS communication channel instead of using SSLv3 by adding registry entries mentioned bellow.
Just open your command line with Run as administrator and paste these commands:
REG ADD "HKLM\System\CurrentControlSet\Control\SecurityProviders\SChannel\Protocols\SSL 2.0\Server" /v Enabled /t REG_DWORD /d 0 /f
REG ADD "HKLM\System\CurrentControlSet\Control\SecurityProviders\SChannel\Protocols\SSL 2.0\Client" /v Enabled /t REG_DWORD /d 0 /f
REG ADD "HKLM\System\CurrentControlSet\Control\SecurityProviders\SChannel\Protocols\SSL 3.0\Server" /v Enabled /t REG_DWORD /d 0 /f
REG ADD "HKLM\System\CurrentControlSet\Control\SecurityProviders\SChannel\Protocols\SSL 3.0\Client" /v Enabled /t REG_DWORD /d 0 /f
REG ADD "HKLM\System\CurrentControlSet\Control\SecurityProviders\SChannel\Protocols\SSL 2.0\Server" /v DisabledByDefault /t REG_DWORD /d 1 /f
REG ADD "HKLM\System\CurrentControlSet\Control\SecurityProviders\SChannel\Protocols\SSL 2.0\Client" /v DisabledByDefault /t REG_DWORD /d 1 /f
REG ADD "HKLM\System\CurrentControlSet\Control\SecurityProviders\SChannel\Protocols\SSL 3.0\Server" /v DisabledByDefault /t REG_DWORD /d 1 /f
REG ADD "HKLM\System\CurrentControlSet\Control\SecurityProviders\SChannel\Protocols\SSL 3.0\Client" /v DisabledByDefault /t REG_DWORD /d 1 /f
REG ADD "HKLM\System\CurrentControlSet\Control\SecurityProviders\SChannel\Protocols\TLS 1.0\Server" /v Enabled /t REG_DWORD /d 1 /f
REG ADD "HKLM\System\CurrentControlSet\Control\SecurityProviders\SChannel\Protocols\TLS 1.0\Client" /v Enabled /t REG_DWORD /d 1 /f
REG ADD "HKLM\System\CurrentControlSet\Control\SecurityProviders\SChannel\Protocols\TLS 1.1\Server" /v Enabled /t REG_DWORD /d 1 /f
REG ADD "HKLM\System\CurrentControlSet\Control\SecurityProviders\SChannel\Protocols\TLS 1.1\Client" /v Enabled /t REG_DWORD /d 1 /f
REG ADD "HKLM\System\CurrentControlSet\Control\SecurityProviders\SChannel\Protocols\TLS 1.2\Server" /v Enabled /t REG_DWORD /d 1 /f
REG ADD "HKLM\System\CurrentControlSet\Control\SecurityProviders\SChannel\Protocols\TLS 1.2\Client" /v Enabled /t REG_DWORD /d 1 /f
Then restart your OS and now only TLS channels could be used.
Cancel
Vote Up 0 Vote Down

Cancel