{"id":10663,"date":"2014-10-20T09:10:00","date_gmt":"2014-10-20T08:10:00","guid":{"rendered":"http:\/\/nolabnoparty.com\/?p=10663"},"modified":"2014-11-20T08:54:06","modified_gmt":"2014-11-20T07:54:06","slug":"microsoft-iis-disable-sslv3-protocol-poodle-vulnerability","status":"publish","type":"post","link":"https:\/\/nolabnoparty.com\/en\/microsoft-iis-disable-sslv3-protocol-poodle-vulnerability\/","title":{"rendered":"Microsoft IIS disable SSLv3 protocol for POODLE vulnerability"},"content":{"rendered":"<p><img decoding=\"async\" style=\"background-image: none; margin: 0px auto; padding-left: 0px; padding-right: 0px; display: block; float: none; padding-top: 0px; border-width: 0px;\" title=\"disablessl3iis01\" src=\"https:\/\/nolabnoparty.com\/wp-content\/uploads\/2014\/10\/disablessl3iis01.jpg\" alt=\"disablessl3iis01\" width=\"602\" height=\"202\" border=\"0\" \/><\/p>\n<p>The POODLE vulnerability is an attack on the SSL 3.0 protocol and it's a <strong>protocol flaw<\/strong> not an implementation issue. Read the Google <a href=\"http:\/\/googleonlinesecurity.blogspot.ie\/2014\/10\/this-poodle-bites-exploiting-ssl-30.html\" target=\"_blank\" rel=\"noopener\">release post<\/a>.<\/p>\n<p>Every implementation of SSL 3.0 suffers from it. Security experts are recommending administrators to <strong>disable SSL 3.0<\/strong> on their servers and use TLS 1.1 or 1.2.<\/p>\n<p><!--more--><\/p>\n<p>&nbsp;<\/p>\n<h2>Check SSL 3.0 usage<\/h2>\n<p>To check if your server uses SSL v3, go to <a href=\"https:\/\/ssltools.geotrust.com\/checker\/views\/certCheck.jsp\" target=\"_blank\" rel=\"noopener\">GeoTrust SSL Toolbox<\/a> website and type the URL of the server you want to check and click <strong>Check<\/strong> button.<\/p>\n<p><img decoding=\"async\" style=\"background-image: none; margin: 0px auto; padding-left: 0px; padding-right: 0px; display: block; float: none; padding-top: 0px; border-width: 0px;\" title=\"disablessl3iis02\" src=\"https:\/\/nolabnoparty.com\/wp-content\/uploads\/2014\/10\/disablessl3iis02.jpg\" alt=\"disablessl3iis02\" width=\"600\" height=\"383\" border=\"0\" \/><\/p>\n<p>If the result shows <strong>SSLv3 is enabled<\/strong>, the server may be affected by\u00a0POODLE vulnerability.<\/p>\n<p>&nbsp;<\/p>\n<h2>Manual fix<\/h2>\n<p>Run <strong>Regedit<\/strong> as Administrator and navigate to:<\/p>\n<pre class=\"line-height:20 lang:default decode:true\">HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\SecurityProviders\\Schannel\\Protocols\\<\/pre>\n<p><img decoding=\"async\" style=\"background-image: none; margin: 0px auto; padding-left: 0px; padding-right: 0px; display: block; float: none; padding-top: 0px; border-width: 0px;\" title=\"disablessl3iis03\" src=\"https:\/\/nolabnoparty.com\/wp-content\/uploads\/2014\/10\/disablessl3iis03.jpg\" alt=\"disablessl3iis03\" width=\"600\" height=\"384\" border=\"0\" \/><\/p>\n<p>Right click <strong>Protocols<\/strong> and select <strong>New &gt; Key<\/strong> option.<\/p>\n<p><img decoding=\"async\" style=\"background-image: none; margin: 0px auto; padding-left: 0px; padding-right: 0px; display: block; float: none; padding-top: 0px; border-width: 0px;\" title=\"disablessl3iis04\" src=\"https:\/\/nolabnoparty.com\/wp-content\/uploads\/2014\/10\/disablessl3iis04.jpg\" alt=\"disablessl3iis04\" width=\"600\" height=\"384\" border=\"0\" \/><\/p>\n<p>Name the new key as <strong>SSL 3.0<\/strong>.<\/p>\n<p><img decoding=\"async\" style=\"background-image: none; margin: 0px auto; padding-left: 0px; padding-right: 0px; display: block; float: none; padding-top: 0px; border-width: 0px;\" title=\"disablessl3iis05\" src=\"https:\/\/nolabnoparty.com\/wp-content\/uploads\/2014\/10\/disablessl3iis05.jpg\" alt=\"disablessl3iis05\" width=\"600\" height=\"384\" border=\"0\" \/><\/p>\n<p>Now right click <strong>SSL 3.0<\/strong> and create a new key named <strong>Client<\/strong>.<\/p>\n<p><img decoding=\"async\" style=\"background-image: none; margin: 0px auto; padding-left: 0px; padding-right: 0px; display: block; float: none; padding-top: 0px; border-width: 0px;\" title=\"disablessl3iis06\" src=\"https:\/\/nolabnoparty.com\/wp-content\/uploads\/2014\/10\/disablessl3iis06.jpg\" alt=\"disablessl3iis06\" width=\"600\" height=\"384\" border=\"0\" \/><\/p>\n<p>Again, right click <strong>SSL 3.0<\/strong> and create the key <strong>Server<\/strong>.<\/p>\n<p><img decoding=\"async\" style=\"background-image: none; margin: 0px auto; padding-left: 0px; padding-right: 0px; display: block; float: none; padding-top: 0px; border-width: 0px;\" title=\"disablessl3iis07\" src=\"https:\/\/nolabnoparty.com\/wp-content\/uploads\/2014\/10\/disablessl3iis07.jpg\" alt=\"disablessl3iis07\" width=\"600\" height=\"384\" border=\"0\" \/><\/p>\n<p>Right click <strong>Client<\/strong> and select\u00a0 <strong>New &gt; DWORD (32bit) Value<\/strong> option.<\/p>\n<p><img decoding=\"async\" style=\"background-image: none; margin: 0px auto; padding-left: 0px; padding-right: 0px; display: block; float: none; padding-top: 0px; border-width: 0px;\" title=\"disablessl3iis08\" src=\"https:\/\/nolabnoparty.com\/wp-content\/uploads\/2014\/10\/disablessl3iis08.jpg\" alt=\"disablessl3iis08\" width=\"600\" height=\"384\" border=\"0\" \/><\/p>\n<p>Name the DWORD as <strong>DisabledByDefault<\/strong>. Double click the DWORD and type <strong>1<\/strong> as <strong>Value data<\/strong> then click <strong>OK<\/strong> to confirm.<\/p>\n<p><img decoding=\"async\" style=\"background-image: none; margin: 0px auto; padding-left: 0px; padding-right: 0px; display: block; float: none; padding-top: 0px; border-width: 0px;\" title=\"disablessl3iis09\" src=\"https:\/\/nolabnoparty.com\/wp-content\/uploads\/2014\/10\/disablessl3iis09.jpg\" alt=\"disablessl3iis09\" width=\"600\" height=\"384\" border=\"0\" \/><\/p>\n<p>The DWORD <strong>Value Data<\/strong> set to 1.<\/p>\n<p><img decoding=\"async\" style=\"background-image: none; margin: 0px auto; padding-left: 0px; padding-right: 0px; display: block; float: none; padding-top: 0px; border-width: 0px;\" title=\"disablessl3iis10\" src=\"https:\/\/nolabnoparty.com\/wp-content\/uploads\/2014\/10\/disablessl3iis10.jpg\" alt=\"disablessl3iis10\" width=\"600\" height=\"384\" border=\"0\" \/><\/p>\n<p>Repeat same procedure for <strong>Server<\/strong> and assign <strong>Enabled<\/strong> as a DWORD name. Leave default <strong>Value Data<\/strong> set to <strong>0<\/strong>.<\/p>\n<p><img decoding=\"async\" style=\"background-image: none; margin: 0px auto; padding-left: 0px; padding-right: 0px; display: block; float: none; padding-top: 0px; border-width: 0px;\" title=\"disablessl3iis11\" src=\"https:\/\/nolabnoparty.com\/wp-content\/uploads\/2014\/10\/disablessl3iis11.jpg\" alt=\"disablessl3iis11\" width=\"600\" height=\"384\" border=\"0\" \/><\/p>\n<p><strong>Restart the server<\/strong> to complete the procedure.<\/p>\n<p>&nbsp;<\/p>\n<h2>Quick fix<\/h2>\n<p>Log into the server with <strong>Local Administrator permissions<\/strong> account.<\/p>\n<p>Download <a href=\"https:\/\/nolabnoparty.com\/download\/disable_ssl3.zip\" target=\"_blank\">disable_ssl3.zip<\/a> and extract the <strong>.reg file<\/strong>.<\/p>\n<p><img decoding=\"async\" style=\"background-image: none; margin: 0px auto; padding-left: 0px; padding-right: 0px; display: block; float: none; padding-top: 0px; border-width: 0px;\" title=\"disablessl3iis12\" src=\"https:\/\/nolabnoparty.com\/wp-content\/uploads\/2014\/10\/disablessl3iis12.jpg\" alt=\"disablessl3iis12\" width=\"240\" height=\"91\" border=\"0\" \/><\/p>\n<p>Double click the <strong>.reg file<\/strong> and click <strong>Yes<\/strong> to confirm.<\/p>\n<p><img decoding=\"async\" style=\"background-image: none; margin: 0px auto; padding-left: 0px; padding-right: 0px; display: block; float: none; padding-top: 0px; border-width: 0px;\" title=\"disablessl3iis13\" src=\"https:\/\/nolabnoparty.com\/wp-content\/uploads\/2014\/10\/disablessl3iis13.jpg\" alt=\"disablessl3iis13\" width=\"562\" height=\"162\" border=\"0\" \/><\/p>\n<p>The system confirms the keys added to the Registry.<\/p>\n<p><img decoding=\"async\" style=\"background-image: none; margin: 0px auto; padding-left: 0px; padding-right: 0px; display: block; float: none; padding-top: 0px; border-width: 0px;\" title=\"disablessl3iis14\" src=\"https:\/\/nolabnoparty.com\/wp-content\/uploads\/2014\/10\/disablessl3iis14.jpg\" alt=\"disablessl3iis14\" width=\"562\" height=\"123\" border=\"0\" \/><\/p>\n<p>The Registry keys added.<\/p>\n<p><img decoding=\"async\" style=\"background-image: none; margin: 0px auto; padding-left: 0px; padding-right: 0px; display: block; float: none; padding-top: 0px; border-width: 0px;\" title=\"disablessl3iis15\" src=\"https:\/\/nolabnoparty.com\/wp-content\/uploads\/2014\/10\/disablessl3iis15.jpg\" alt=\"disablessl3iis15\" width=\"600\" height=\"384\" border=\"0\" \/><\/p>\n<p>No patches are available so far since it's a <strong>protocol flaw<\/strong> and not an implementation issue.<\/p>\n<p><img decoding=\"async\" src=\"https:\/\/nolabnoparty.com\/wp-content\/uploads\/images\/firma.jpg\" alt=\"firma\" title=\"\"><\/p>\n","protected":false},"excerpt":{"rendered":"<p>The POODLE vulnerability is an attack on the SSL 3.0 protocol and it's a protocol flaw not an implementation issue. Read the Google release post. Every implementation of SSL 3.0 suffers from it. Security experts are recommending administrators to disable SSL 3.0 on their servers and use TLS 1.1 or 1.2.<\/p>\n","protected":false},"author":3,"featured_media":10648,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"rop_custom_images_group":[],"rop_custom_messages_group":[],"rop_publish_now":"initial","rop_publish_now_accounts":{"linkedin_93tdZWzMZc_93tdZWzMZc":"","facebook_2879994398731222_17841400390232720":"","twitter_113568041_113568041":"","mastodon_115463926174894442_115463926174894442":""},"rop_publish_now_history":[],"rop_publish_now_status":"pending","footnotes":""},"categories":[913,1065],"tags":[1087,1083,680],"class_list":["post-10663","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-active-directory-en","category-microsoft-en","tag-iis-en-en-en","tag-poodle-en","tag-ssl-en","has_thumb"],"_links":{"self":[{"href":"https:\/\/nolabnoparty.com\/en\/wp-json\/wp\/v2\/posts\/10663","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/nolabnoparty.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/nolabnoparty.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/nolabnoparty.com\/en\/wp-json\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/nolabnoparty.com\/en\/wp-json\/wp\/v2\/comments?post=10663"}],"version-history":[{"count":0,"href":"https:\/\/nolabnoparty.com\/en\/wp-json\/wp\/v2\/posts\/10663\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/nolabnoparty.com\/en\/wp-json\/wp\/v2\/media\/10648"}],"wp:attachment":[{"href":"https:\/\/nolabnoparty.com\/en\/wp-json\/wp\/v2\/media?parent=10663"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/nolabnoparty.com\/en\/wp-json\/wp\/v2\/categories?post=10663"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/nolabnoparty.com\/en\/wp-json\/wp\/v2\/tags?post=10663"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}