Sunday, February 2, 2020

Get Rid of SSL 2 & 3 & Rock with TLS 1.2 (Windows Server 2012)











The SSL 2 and 3 protocols are no longer safe to use, since they can be broken with the POODLE technique.





If you're using a vulnerability scanning tool, you may already have come across the message "SSL Version 2 and 3 Protocol Detection".





So, to be safe, use at least TLS 1.2 on your servers.





  1. Before changing any registry values, take a backup using the Export option in regedit.
  2. Save the registry information below as a .reg file ("XXX.REG") and import it into the registry.




Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client]
"DisabledByDefault"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server]
"DisabledByDefault"=dword:00000000




After that, you can disable the SSL section by deleting its registry keys.

Path:





HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols










Restart the server &
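To check the result, export the Protocols key again after the change and audit the export. The sketch below is an added example, not part of the original post: it parses a .reg export and lists SSL 2.0/3.0 entries that have no explicit "Enabled"=0, because Schannel falls back to the operating system default for a protocol key without that value. The sample export and the function names are constructed for illustration.

```python
import re

SCHANNEL = r"SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols"
LEGACY = ("SSL 2.0", "SSL 3.0")

# Constructed sample export, not taken from a real server. A real regedit
# export is UTF-16: read it with open(path, encoding="utf-16").read().
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0\Server]
"Enabled"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server]
"DisabledByDefault"=dword:00000000
'''

def parse_protocols(reg_text):
    """Return {(protocol, role): {value_name: int}} for SCHANNEL protocol keys."""
    settings, current = {}, None
    for line in map(str.strip, reg_text.splitlines()):
        if line.startswith("["):
            current = None  # values only count under a recognised protocol key
            path = line.strip("[]")
            idx = path.upper().find(SCHANNEL.upper() + "\\")
            if idx != -1:
                parts = path[idx + len(SCHANNEL) + 1:].split("\\")
                if len(parts) == 2:  # <protocol>\<Client|Server>
                    current = settings.setdefault(tuple(parts), {})
            continue
        m = re.match(r'"([^"]+)"=dword:([0-9a-fA-F]{8})$', line)
        if m and current is not None:
            current[m.group(1)] = int(m.group(2), 16)
    return settings

def audit(reg_text):
    """List SSL 2.0/3.0 protocol/role pairs that lack an explicit Enabled=0."""
    settings = parse_protocols(reg_text)
    findings = []
    for proto in LEGACY:
        for role in ("Client", "Server"):
            if settings.get((proto, role), {}).get("Enabled") != 0:
                findings.append(f"{proto} {role}: not explicitly disabled")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_EXPORT)) or "SSL 2.0/3.0 explicitly disabled")
```

An empty result means every SSL 2.0 and SSL 3.0 Client/Server key in the export carries "Enabled"=dword:00000000.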





A tool is also available to fix this issue in an automated manner.





IIS Crypto is a free tool that gives administrators the ability to enable or disable protocols, ciphers, hashes and key exchange algorithms on Windows Server 2008, 2012, 2016 and 2019. It also lets you reorder SSL/TLS cipher suites offered by IIS, change advanced settings, implement Best Practices with a single click, create custom templates and test your website.





Get the tool from the link below:





https://www.nartac.com/Products/IISCrypto/





1 - Run the Tool





2 - Click on Best Practices (it will automatically choose the best scenarios for the server)









3 - Tick Reboot and Apply









Enjoy vulnerability scanning again!





#SSL3 #SSL2 #TLS1 #POODLE #VULNERABLE #WINDOWSSERVER #SSL Version 2 and 3 Protocol Detection





