cancel
Showing results for 
Search instead for 
Did you mean: 

How to manually disable SSL 2.0 and SSL 3.0 and make sure that the stronger TLS protocols are used

Highlighted

How to manually disable SSL 2.0 and SSL 3.0 and make sure that the stronger TLS protocols are used

This is a valid concern and we do encourage System Administrators to disable SSL v3 on any Windows systems that the Prognosis Web Interface IIS application has been installed on.

 

I did some checking and the only problems that we are seeing concerning TLS is when a customer downloads the latest Google Chrome or Firefox browser. Doing this will disallow you to view the Prognosis website not because of a support issue using TLS but because these browsers have stopped supporting SSLv3 handshake in their browser.

 

http://threatpost.com/google-removes-sslv3-fallback-support-from-chrome/109455).

 

Please follow the instructions at https://nolabnoparty.com/en/microsoft-iis-disable-sslv3-protocol-poodle-vulnerability/

to disable SSL v3. This will force all Web Interfaces to use TLS. I have supplied the details below for your convenience.

Manual fix

Run Regedit as Administrator and navigate to:

 

1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\Schannel\Protocols\

image001.jpg

Right click Protocols and select New > Key option.

image002.jpg

Name the new key as SSL 3.0.

image003.jpg

Now right click SSL 3.0 and create a new key named Client.

image004.jpg

Again, right click SSL 3.0 and create the key Server.

image005.jpg

Right click Client and select  New > DWORD (32bit) Value option.

image006.jpg

Name the DWORD as DisabledByDefault. Double click the DWORD and type 1 as Value data then click OK to confirm.

image007.jpg

The DWORD Value Data set to 1.

image008.jpg

Repeat same procedure for Server and assign Enabled as a DWORD name. Leave default Value Data set to 0.

image009.jpg

Restart the server to complete the procedure. 

 

Webinar: The Journey to Microsoft Teams - Readiness Phase (part 2)

Having looked at the planning phase in session one of this series, we will turn our focus to the readiness phase. The all important technical capabilities assessment, ensuring the network, endpoints and users are adequately prepared for the move.

Hear first hand from IR's Global Head of Information Systems and Technology, Jason Schwendinger, on how he has been tackling these issues.

Join webinar