Get Adobe Flash player

How to fix POODLE on Windows Server 2012 R2

Przygotuj plik tekstowy z rozszerzeniem .reg np.: DisableSSL3.reg

zawartość pliku poniżej

—————————————————————————

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0\Client]
„DisabledByDefault”=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0\Server]
„Enabled”=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0\Client]
„DisabledByDefault”=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0\Server]
„Enabled”=dword:00000000

———————————————————————

  • zapisz plik i go uruchom
  • zrestartuj serwer
  • przeskanuj serwer  POODLE Scan Test,

 

Opis ręcznie wykonanych zmian w rejestrach znajduje się poniżej.

—————————————————————————————————————–

 

  1. Login to Windows Server 2012 R2 and open the Registry Editor running it as administrator:
    On the Start screen type regedit.exe.
    Right-click on regedit.exe and click Run as administrator.
  2. In the Registry Editor window, go to: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\Schannel\Protocols\
    SSLv3_POODLE_1
  3. In the navigation tree, right-click on Protocols, and in the pop-up menu, click New > Key and name the key as SSL 3.0SSLv3_POODLE_2
  4. In the navigation tree, right-click on the new SSL 3.0 key that we have created in the above step, and in the pop-up menu, click New > Key and name the key as ClientSSLv3_POODLE_3
  5. In the navigation tree, right-click again on the SSL 3.0 and in the pop-up menu, click New > Key and name the key as Server
  6. In the navigation tree, under SSL 3.0, right-click on Client, and in the pop-up menu, click New > DWORD (32-bit) Value
    and name the value DisabledByDefaultSSLv3_POODLE_5
  7. In the navigation tree, under SSL 3.0, select Client and then, in the right pane, double-click the DisabledByDefault DWORD value. In the Edit DWORD (32-bit) Value window, in the Value Data box change the value to 1 and then, click OK.SSLv3_POODLE_6
  8. In the navigation tree, under SSL 3.0, right-click on Server, and in the pop-up menu, click New > DWORD (32-bit) Value and name the value Enabled.
  9. In the navigation tree, under SSL 3.0, select Server and then, in the right pane, double-click the Enabled DWORD value. In the Edit DWORD (32-bit) Value window, in the Value Data box leave the value at 0 and then, click OK.SSLv3_POODLE_8
  10.  Restart the Windows Server to apply these changes permanently.

After the restart, verify whether your changes have applied successfully by checking your domain again on POODLE Scan Test, and you are done!