POODLE SSL Bug: Disable SSL 3.0 in Windows

Disable SSL 3.0 in Windows

You can disable support for the SSL 3.0 protocol on Windows by following these steps:

    1. Click Start, click Run, type regedt32 or type regedit, and then click OK.
    2. In Registry Editor, locate the following registry key:

HKey_Local_Machine\System\CurrentControlSet\Control\SecurityProviders \SCHANNEL\Protocols\SSL 3.0\Server

Note If the complete registry key path does not exist, you can create it by expanding the available keys and using the New -> Key option from the Edit menu.

    1. On the Edit menu, click Add Value.
    2. In the Data Type list, click DWORD.
    3. In the Value Name box, type Enabled, and then click OK.

Note If this value is present, double-click the value to edit its current value.

    1. Type 00000000 in Binary Editor to set the value of the new key equal to “0”.
    2. Click OK. Restart the computer.


Note This workaround will disable SSL 3.0 for all server software installed on a system, including IIS.

Note After applying this workaround, clients that rely only on SSL 3.0 will not be able to communicate with the server.


Scan your server with this tool: https://www.poodlescan.com/