How to manually disable SSL 2.0 and SSL 3.0 and make sure that the stronger TLS protocols are used

Chris_Rupp
Staff

This is a valid concern and we do encourage System Administrators to disable SSL v3 on any Windows systems that the Prognosis Web Interface IIS application has been installed on.

 

I did some checking, and the only problems that we are seeing concerning TLS occur when a customer downloads the latest Google Chrome or Firefox browser. Doing this will prevent you from viewing the Prognosis website, not because of a support issue using TLS but because these browsers have stopped supporting the SSLv3 handshake (http://threatpost.com/google-removes-sslv3-fallback-support-from-chrome/109455).

 

Please follow the instructions at https://nolabnoparty.com/en/microsoft-iis-disable-sslv3-protocol-poodle-vulnerability/ to disable SSL v3. This will force all Web Interfaces to use TLS. I have supplied the details below for your convenience.

Manual fix

Run Regedit as Administrator and navigate to:

 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\Schannel\Protocols\

Right-click Protocols and select the New > Key option.

Name the new key SSL 3.0.

Now right-click SSL 3.0 and create a new key named Client.

Again, right-click SSL 3.0 and create a key named Server.

Right-click Client and select the New > DWORD (32-bit) Value option.

Name the DWORD DisabledByDefault. Double-click the DWORD, type 1 as the Value data, then click OK to confirm.

The DWORD Value data is now set to 1.

Repeat the same procedure for Server, naming the DWORD Enabled. Leave the default Value data of 0.

Restart the server to complete the procedure.
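
The same manual steps as a script, with a read-back check of the values (an added example, not part of the original post or the linked instructions). The function names are hypothetical. Applying the same layout to SSL 2.0, which the title names but the steps above do not cover, goes beyond the procedure and assumes SSL 2.0 uses the same Client/Server key structure.

```powershell
#Requires -RunAsAdministrator
# Added example: scripted form of the manual Regedit steps above.
$Base = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\Schannel\Protocols'

# Values taken from the steps above:
#   <protocol>\Client\DisabledByDefault = 1
#   <protocol>\Server\Enabled           = 0
$Settings = @(
    @{ Role = 'Client'; Name = 'DisabledByDefault'; Value = 1 },
    @{ Role = 'Server'; Name = 'Enabled';           Value = 0 }
)

function Disable-SchannelProtocol {          # hypothetical helper name
    param([string]$Protocol = 'SSL 3.0')
    foreach ($s in $Settings) {
        $key = Join-Path (Join-Path $Base $Protocol) $s.Role
        # Create the key only when it is missing, so values that are
        # already present under an existing key are left untouched.
        if (-not (Test-Path -Path $key)) {
            New-Item -Path $key -Force | Out-Null
        }
        New-ItemProperty -Path $key -Name $s.Name -Value $s.Value `
            -PropertyType DWord -Force | Out-Null
    }
}

function Test-SchannelProtocolDisabled {     # hypothetical helper name
    param([string]$Protocol = 'SSL 3.0')
    foreach ($s in $Settings) {
        $key  = Join-Path (Join-Path $Base $Protocol) $s.Role
        $prop = Get-ItemProperty -Path $key -Name $s.Name -ErrorAction SilentlyContinue
        # A missing key or value counts as "not disabled".
        if ($null -eq $prop -or $prop.($s.Name) -ne $s.Value) { return $false }
    }
    return $true
}

# 'SSL 3.0' follows the steps above; 'SSL 2.0' is the assumed extension.
foreach ($protocol in 'SSL 2.0', 'SSL 3.0') {
    Disable-SchannelProtocol -Protocol $protocol
    if (Test-SchannelProtocolDisabled -Protocol $protocol) {
        Write-Output "$protocol registry values set; restart the server to apply."
    } else {
        Write-Warning "$protocol registry values are not as expected."
    }
}
```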