Pagine

Hacker -- SSL 3.0 Poodle vulnterability and how disable SSL 3.0 on Windows Server

POODLE vulnerability is an attack in SSL 3.0 and it is a defect of the protocol, not an implementation issue. For more information read the article released by Google.

Each implementation SSL 3.0 has this problem. Security experts recommend system administrators to disable SSL 3.0 and Use TLS 1.1 servers or 1.2.


To test whether the network server using SSL v3, go to Toolbox GeoTrust SSL and type the URL of the server to monitor and click on Check.

https://ssltools.geotrust.com/checker/views/certCheck.jsp 

If SSLv3 is enabled your server is at risk 

  1. In this case, to disable SSLv3 you need to execute as Administrator regedit. 
  2. HKEY_LOCAL_MACHINE\SYSTEM\
    CurrentControlSet\Control\SecurityProviders\Schannel\Protocols\
    
  3. Right click button on the Protocols item and select New> Key --> SSL 3.0 folder.
  4. Right click button on the item SSL 3.0 folder and create a new key named Client.
  5. Again, make a click with the right mouse button on the item SSL 3.0 and create the strong name key Server.
  6. Make click with the right mouse button on the client and select New> DWORD (32-bit) Value.
  7. Give the name of the DWORD DisabledByDefault. Make a double click on DWORD and enter 1 as Value data and click OK to confirm.
     
  8. Repeat the same procedure for the Server entry and assign Enabled as the name of the DWORD. Leave Value Date with the default value set to 0.
  9. Restart Server 
Alternatively you can create a .reg file coping and paste following text and add it to your system register.

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0\Client]
"DisabledByDefault"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0\Server]
"Enabled"=dword:00000000
 

For the moment, there are no available patch as the problem is a defect and not due to the implementation of the Protocol.

More details:

https://technet.microsoft.com/en-us/library/security/3009008 

http://www.achab.it/blog/index.cfm/2015/1/microsoft-iis-disabilitare-il-protocollo-sslv3-per-poodle.htm