How to fix the POODLE SSL issue on IIS

October 17, 2014
Kevin Lam

There was a recent SSL vulnerability reported called POODLE (Padding Oracle On Downgraded Legacy Encryption), whereby if a user is connected to your Web server using SSL v3, there is a risk that an attacker can conduct a man-in-the-middle attack.  IronBox customers are already protected, but if you’re using Microsoft IIS here’s how to fix this issue.

Fixing POODLE entails disabling SSL v3 on your server.  To do this, add a DWORD value named Enabled, set to 0, under the following registry key:

  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0\Server
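The same registry change, scripted so it can be rerun safely and checked afterwards. This is an added example, not the DisableSSLv3_Server script the post refers to; the function names are my own, and it assumes an elevated PowerShell prompt on the IIS host:

```powershell
# Added example (not the post's DisableSSLv3_Server script): disable SSL 3.0 for
# the server side of SCHANNEL, then read the value back to confirm it was written.
# Run from an elevated PowerShell prompt; SCHANNEL only picks the change up after a restart.

$ssl3Server = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0\Server'

function Disable-Ssl3Server {
    # The Protocols\SSL 3.0\Server keys are usually absent on a stock install;
    # New-Item -Force creates the full path and is harmless if it already exists.
    if (-not (Test-Path $ssl3Server)) {
        New-Item -Path $ssl3Server -Force | Out-Null
    }
    # Enabled = 0 (REG_DWORD) turns SSL 3.0 off for incoming connections.
    New-ItemProperty -Path $ssl3Server -Name 'Enabled' -Value 0 -PropertyType DWord -Force | Out-Null
}

function Test-Ssl3ServerDisabled {
    # Returns $true only when the key exists and Enabled is exactly 0.
    if (-not (Test-Path $ssl3Server)) { return $false }
    $prop = Get-ItemProperty -Path $ssl3Server -Name 'Enabled' -ErrorAction SilentlyContinue
    return ($null -ne $prop) -and ($prop.Enabled -eq 0)
}

Disable-Ssl3Server
if (Test-Ssl3ServerDisabled) {
    Write-Output "SSL 3.0 server support is disabled in the registry; restart the server to apply it."
} else {
    Write-Warning "Enabled under $ssl3Server is not 0; check that the prompt is elevated and rerun."
}
```

The read-back step matters because SCHANNEL reads these values at boot, so a typo in the key path only shows up after the restart. Bear in mind that once SSL 3.0 is off, clients that can speak nothing newer (very old browsers and embedded agents) will fail to connect; the ssllabs test mentioned below will show which protocol versions the server still accepts.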

Restart your server and you’re done.  For your convenience, I’ve included the same script we use on our own production servers (DisableSSLv3_Server) for your reference.  Then head on over to https://www.ssllabs.com/ssltest/ and test your server.  Enjoy,

–Kevin