How to fix the POODLE SSL issue on IIS

October 17, 2014
Kevin Lam

There was a recent SSL vulnerability reported called POODLE (Padding Oracle On Downgraded Legacy Encryption), whereby if a user is connected to your Web server using SSL v3, there is a risk that an attacker can conduct a man-in-the-middle attack.  IronBox customers are already protected, but if you’re using Microsoft IIS here’s how to fix this issue.

Fixing POODLE simply entails disabling SSL v3 on your server.  To do this, simply add a DWORD called Enabled and set it to 0 under the following:

  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0\Server

Restart your server and you’re done.  For your convenience, I’ve the same script we use on our own production servers (DisableSSLv3_Server) for your reference.  Then, head on over to and test your server.  Enjoy,