IIS 禁用SSL 3.0

[ 2014-10-25 16:47:03 | Author: zhenhua ]
Font Size: Large | Medium | Small
Windows Server 2008 /2012中使用IIS 7 /8默认允许SSL 2.0和SSL 3.0。

请按以下禁用:

单击开始,单击运行,键入注册表编辑器,然后单击确定。
在注册表编辑器,找到以下注册表项/文件夹:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\Schannel\Protocols

在SSL 2.0文件夹,右键单击并选择新建,然后单击密钥。命名新的文件夹服务器。
里面的服务器的文件夹,单击编辑菜单中,选择新建,然后单击DWORD(32-bit)值。
进入启用 作为名称并按下回车键。
请确保它显示00000000(0)的数据列下(它应该默认情况下)。如果没有,请右键单击并选择修改,输入0作为数值数据。
现在,禁用SSL 3.0,对SSL 3.0文件夹,右键单击并选择新建,然后单击密钥。命名新的文件夹服务器。
里面的服务器的文件夹,单击编辑菜单中,选择新建,然后单击DWORD(32-bit)值。
进入启用 作为名称并按下回车键。
请确保它显示00000000(0)的数据列下(它应该默认情况下)。如果没有,请右键单击并选择修改,输入0作为数值数据。
重新启动计算机。
����Ŵ�


In Windows Server 2003 to 2012 R2 the SSL / TLS protocols are controlled by flags in the registry set at HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\Schannel\Protocols.

To disable SSLv3, which the POODLE vulnerability is concerned with, create a subkey at the above location (if it's not already present) named SSL 3.0 and, under that, a subkey named Server (if it's not already present). At this location (HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\Schannel\Protocols\SSL 3.0\Server) create a DWORD value named Enabled and leave it set at 0.

Disabling SSL 2.0, which you should also be doing, is done the same way, except that you'll be using a key named SSL 2.0 in the above registry path.

test:https://www.ssllabs.com/ssltest/analyze.html
Comments Feed Comments Feed: http://www.zhenhua.org/feed.asp?q=comment&id=775
UTF-8 Encoding Trackback URL: http://www.zhenhua.org/trackback.asp?id=775

There is no comment on this article.

If you feel this site you find this information helpful, please click on the donation, which is voluntary,Thank you.
Post Comment
Smilies
[arrow] [biggrin] [confused] [cool]
[cry] [eek] [evil] [exclaim]
[frown] [idea] [lol] [mad]
[mrgreen] [neutral] [question] [razz]
[redface] [rolleyes] [sad] [smile]
[surprised] [twisted] [wink]
Enable UBB Codes
Auto Convert URL
Show Smilies
Hidden Comment
Username:   Password:   Register Now?
Security Code * Please Enter the Security Code