5 Replies Latest reply on Oct 17, 2014 12:22 AM by MartinLucan

    How do I turn off ssl 3.0 support in the web server? (CVE-2014-3566 poodle)

    neilgbrookins

      I'm using ipMonitor which has a build-in web server. I need to turn off SSL 3.0 support in the server to prevent an attack via poodle, CVE-2014-3566.

      Is there a setting that allows this to be accomplished?

        • Re: How do I turn off ssl 3.0 support in the web server? (CVE-2014-3566 poodle)
          bkyle

          Would you like to turn off HTTPS access?  Also what kind of certificate are you using?

            • Re: How do I turn off ssl 3.0 support in the web server? (CVE-2014-3566 poodle)
              neilgbrookins

              We are using the standard self-signed cert.

               

              Sent from my iWatch

              • Re: How do I turn off ssl 3.0 support in the web server? (CVE-2014-3566 poodle)
                neilgbrookins

                No, I don't want to turn off https. I want to force the use of tls and not allow ssl 3 at all. Please google for poodle for more details.

                 

                Sent from my iWatch

                  • Re: How do I turn off ssl 3.0 support in the web server? (CVE-2014-3566 poodle)
                    MartinLucan

                    Hi, you can force TLS communication channel instead of using SSLv3 by adding registry entries mentioned bellow.

                    Just open your command line with Run as administrator and paste these commands:

                    REG ADD "HKLM\System\CurrentControlSet\Control\SecurityProviders\SChannel\Protocols\SSL 2.0\Server" /v Enabled /t REG_DWORD /d 0 /f

                    REG ADD "HKLM\System\CurrentControlSet\Control\SecurityProviders\SChannel\Protocols\SSL 2.0\Client" /v Enabled /t REG_DWORD /d 0 /f

                    REG ADD "HKLM\System\CurrentControlSet\Control\SecurityProviders\SChannel\Protocols\SSL 3.0\Server" /v Enabled /t REG_DWORD /d 0 /f

                    REG ADD "HKLM\System\CurrentControlSet\Control\SecurityProviders\SChannel\Protocols\SSL 3.0\Client" /v Enabled /t REG_DWORD /d 0 /f

                    REG ADD "HKLM\System\CurrentControlSet\Control\SecurityProviders\SChannel\Protocols\SSL 2.0\Server" /v DisabledByDefault /t REG_DWORD /d 1 /f

                    REG ADD "HKLM\System\CurrentControlSet\Control\SecurityProviders\SChannel\Protocols\SSL 2.0\Client" /v DisabledByDefault /t REG_DWORD /d 1 /f

                    REG ADD "HKLM\System\CurrentControlSet\Control\SecurityProviders\SChannel\Protocols\SSL 3.0\Server" /v DisabledByDefault /t REG_DWORD /d 1 /f

                    REG ADD "HKLM\System\CurrentControlSet\Control\SecurityProviders\SChannel\Protocols\SSL 3.0\Client" /v DisabledByDefault /t REG_DWORD /d 1 /f

                    REG ADD "HKLM\System\CurrentControlSet\Control\SecurityProviders\SChannel\Protocols\TLS 1.0\Server" /v Enabled /t REG_DWORD /d 1 /f

                    REG ADD "HKLM\System\CurrentControlSet\Control\SecurityProviders\SChannel\Protocols\TLS 1.0\Client" /v Enabled /t REG_DWORD /d 1 /f

                    REG ADD "HKLM\System\CurrentControlSet\Control\SecurityProviders\SChannel\Protocols\TLS 1.1\Server" /v Enabled /t REG_DWORD /d 1 /f

                    REG ADD "HKLM\System\CurrentControlSet\Control\SecurityProviders\SChannel\Protocols\TLS 1.1\Client" /v Enabled /t REG_DWORD /d 1 /f

                    REG ADD "HKLM\System\CurrentControlSet\Control\SecurityProviders\SChannel\Protocols\TLS 1.2\Server" /v Enabled /t REG_DWORD /d 1 /f

                    REG ADD "HKLM\System\CurrentControlSet\Control\SecurityProviders\SChannel\Protocols\TLS 1.2\Client" /v Enabled /t REG_DWORD /d 1 /f

                     

                    Then restart your OS and now only TLS channels could be used.

                • Re: How do I turn off ssl 3.0 support in the web server? (CVE-2014-3566 poodle)
                  Lawrence Garvin
                  I'm using ipMonitor which has a build-in web server. I need to turn off SSL 3.0 support in the server


                  Instructions for removing SSL v3 support (or other protocols) is covered in Microsoft KB187498.


                  Essentially you create a RegValue named "Enabled" in the relevant KEY and set it to DWORD=0x0

                  1 of 1 people found this helpful