Disable POODLE in IIS

By | October 24, 2014

In Windows Server 2003 to 2012 R2 the SSL / TLS protocols are controlled by flags in the registry set at HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\Schannel\Protocols.

To disable SSLv3, which the POODLE vulnerability is concerned with, create a subkey at the above location (if it’s not already present) named SSL 3.0 and, under that, a subkey named Server (if it’s not already present). At this location (HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\Schannel\Protocols\SSL 3.0\Server) create a DWORD value named Enabled and leave it set at 0.

Disabling SSL 2.0, which you should also be doing, is done the same way: use a subkey named SSL 2.0 in place of SSL 3.0 in the above registry path.

Not all versions have been tested, but a reboot is required for this change to take effect.
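The registry steps above can be scripted. The following PowerShell is an added example, not part of the original post. It assumes an elevated session, and the function name `Set-LegacySslServerState` and its `-Apply` switch are this example's own. Without `-Apply` it only reports the current state.

```powershell
# Added example: audit, and optionally disable, server-side SSL 2.0 / SSL 3.0
# using the Schannel registry flags described in the post.
function Set-LegacySslServerState {
    param(
        # Hypothetical switch: without it the function only reports.
        [switch]$Apply
    )

    $base = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\Schannel\Protocols'

    foreach ($protocol in 'SSL 2.0', 'SSL 3.0') {
        $serverKey = Join-Path (Join-Path $base $protocol) 'Server'

        if ($Apply) {
            # Create "<protocol>\Server" only if it is not already present,
            # so existing values under the key are left alone.
            if (-not (Test-Path -Path $serverKey)) {
                New-Item -Path $serverKey -Force | Out-Null
            }
            # DWORD "Enabled" = 0 disables the protocol for the server role.
            New-ItemProperty -Path $serverKey -Name 'Enabled' -Value 0 `
                -PropertyType DWord -Force | Out-Null
        }

        # Read the value back; a missing key or value is reported as such.
        $state = 'not set'
        if (Test-Path -Path $serverKey) {
            $item = Get-ItemProperty -Path $serverKey -Name 'Enabled' -ErrorAction SilentlyContinue
            if ($null -ne $item) { $state = $item.Enabled }
        }

        [pscustomobject]@{
            Protocol = $protocol
            Key      = $serverKey
            Enabled  = $state
        }
    }
}

# Report only:
Set-LegacySslServerState | Format-Table -AutoSize

# Write the values, then reboot for the change to take effect:
# Set-LegacySslServerState -Apply | Format-Table -AutoSize
```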