This discussion has been locked. The information referenced herein may be inaccurate due to age, software updates, or external references.

You can no longer post new replies to this discussion. If you have a similar question you can start a new discussion in this forum.

How do I turn off ssl 3.0 support in the web server? (CVE-2014-3566 poodle)

neilgbrookins over 10 years ago

I'm using ipMonitor which has a build-in web server. I need to turn off SSL 3.0 support in the server to prevent an attack via poodle, CVE-2014-3566.

Is there a setting that allows this to be accomplished?

Top Replies

LGarvin over 10 years ago +1

I'm using ipMonitor which has a build-in web server. I need to turn off SSL 3.0 support in the server Instructions for removing SSL v3 support (or other protocols) is covered in Microsoft KB187498 . Essentially…

0 bkyle over 10 years ago

Would you like to turn off HTTPS access? Also what kind of certificate are you using?
Cancel
Vote Up 0 Vote Down

Cancel
0 neilgbrookins over 10 years ago in reply to bkyle

We are using the standard self-signed cert.
Sent from my iWatch
Cancel
Vote Up 0 Vote Down

Cancel
0 neilgbrookins over 10 years ago in reply to bkyle

No, I don't want to turn off https. I want to force the use of tls and not allow ssl 3 at all. Please google for poodle for more details.
Sent from my iWatch
Cancel
Vote Up 0 Vote Down

Cancel
0 LGarvin over 10 years ago

I'm using ipMonitor which has a build-in web server. I need to turn off SSL 3.0 support in the server

Instructions for removing SSL v3 support (or other protocols) is covered in Microsoft KB187498.

Essentially you create a RegValue named "Enabled" in the relevant KEY and set it to DWORD=0x0
Cancel
Vote Up +1 Vote Down

Cancel
0 MartinLucan over 10 years ago in reply to neilgbrookins

Hi, you can force TLS communication channel instead of using SSLv3 by adding registry entries mentioned bellow.
Just open your command line with Run as administrator and paste these commands:
REG ADD "HKLM\System\CurrentControlSet\Control\SecurityProviders\SChannel\Protocols\SSL 2.0\Server" /v Enabled /t REG_DWORD /d 0 /f
REG ADD "HKLM\System\CurrentControlSet\Control\SecurityProviders\SChannel\Protocols\SSL 2.0\Client" /v Enabled /t REG_DWORD /d 0 /f
REG ADD "HKLM\System\CurrentControlSet\Control\SecurityProviders\SChannel\Protocols\SSL 3.0\Server" /v Enabled /t REG_DWORD /d 0 /f
REG ADD "HKLM\System\CurrentControlSet\Control\SecurityProviders\SChannel\Protocols\SSL 3.0\Client" /v Enabled /t REG_DWORD /d 0 /f
REG ADD "HKLM\System\CurrentControlSet\Control\SecurityProviders\SChannel\Protocols\SSL 2.0\Server" /v DisabledByDefault /t REG_DWORD /d 1 /f
REG ADD "HKLM\System\CurrentControlSet\Control\SecurityProviders\SChannel\Protocols\SSL 2.0\Client" /v DisabledByDefault /t REG_DWORD /d 1 /f
REG ADD "HKLM\System\CurrentControlSet\Control\SecurityProviders\SChannel\Protocols\SSL 3.0\Server" /v DisabledByDefault /t REG_DWORD /d 1 /f
REG ADD "HKLM\System\CurrentControlSet\Control\SecurityProviders\SChannel\Protocols\SSL 3.0\Client" /v DisabledByDefault /t REG_DWORD /d 1 /f
REG ADD "HKLM\System\CurrentControlSet\Control\SecurityProviders\SChannel\Protocols\TLS 1.0\Server" /v Enabled /t REG_DWORD /d 1 /f
REG ADD "HKLM\System\CurrentControlSet\Control\SecurityProviders\SChannel\Protocols\TLS 1.0\Client" /v Enabled /t REG_DWORD /d 1 /f
REG ADD "HKLM\System\CurrentControlSet\Control\SecurityProviders\SChannel\Protocols\TLS 1.1\Server" /v Enabled /t REG_DWORD /d 1 /f
REG ADD "HKLM\System\CurrentControlSet\Control\SecurityProviders\SChannel\Protocols\TLS 1.1\Client" /v Enabled /t REG_DWORD /d 1 /f
REG ADD "HKLM\System\CurrentControlSet\Control\SecurityProviders\SChannel\Protocols\TLS 1.2\Server" /v Enabled /t REG_DWORD /d 1 /f
REG ADD "HKLM\System\CurrentControlSet\Control\SecurityProviders\SChannel\Protocols\TLS 1.2\Client" /v Enabled /t REG_DWORD /d 1 /f
Then restart your OS and now only TLS channels could be used.
Cancel
Vote Up 0 Vote Down

Cancel