Hi, Guys.
Good Day!
Need your assistance on this.
Do you know how to disable SSLv3 on Lync Edge server? Any considerations and/or procedures to do this? Please advise.
Thank you.
Technology Tips and News
Hi, Guys.
Good Day!
Need your assistance on this.
Do you know how to disable SSLv3 on Lync Edge server? Any considerations and/or procedures to do this? Please advise.
Thank you.
Hi,
In registry editor, go to
HKey_Local_Machine\System\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0\Server
Change the value to 0 or add a new DWORD value "Enabled" and set it to 0.
Hi,
In registry editor, go to
HKey_Local_Machine\System\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0\Server
Change the value to 0 or add a new DWORD value "Enabled" and set it to 0.
Hi,
In registry editor, go to
HKey_Local_Machine\System\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0\Server
Change the value to 0 or add a new DWORD value "Enabled" and set it to 0.
Hi,
In registry editor, go to
HKey_Local_Machine\System\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0\Server
Change the value to 0 or add a new DWORD value "Enabled" and set it to 0.
Hi,
In registry editor, go to
HKey_Local_Machine\System\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0\Server
Change the value to 0 or add a new DWORD value "Enabled" and set it to 0.
Hi,
In registry editor, go to
HKey_Local_Machine\System\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0\Server
Change the value to 0 or add a new DWORD value "Enabled" and set it to 0.
Hi,
In registry editor, go to
HKey_Local_Machine\System\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0\Server
Change the value to 0 or add a new DWORD value "Enabled" and set it to 0.
Hi,
In registry editor, go to
HKey_Local_Machine\System\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0\Server
Change the value to 0 or add a new DWORD value "Enabled" and set it to 0.
Hi, Yoav.
Do you have any supporting MS article for this? Please advise.
Thank you.
Hi lrwinBats,
Please check the following KB.
https://support.microsoft.com/en-us/kb/245030?wa=wsignin1.0
These keys might not exist so they need to be created prior to setting values.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\Schannel\Protocols\SSL 3.0] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\Schannel\Protocols\SSL 3.0\Client]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\Schannel\Protocols\SSL 3.0\Server]
Best regards,
Eric
HI
You will need to reboot the server for it to take effect
thanks
Hi, Guys.
As what you have said, this registry key is not present in our Lync Edge server. Due to this, can you share any procedures / articles on how to create this key and disable it as well? Please advise.
When I navigate to
HKLM\System\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\
I only see under this a folder SSL 2.0 then under that is a Client folder
Further, do I need to create all of these 3 as well so that the change will take effect?
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\Schannel\Protocols\SSL 3.0] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\Schannel\Protocols\SSL 3.0\Client]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\Schannel\Protocols\SSL 3.0\Server]
Thank you.
Hi
You will need to create the Keys and Entries manually for 3.0 and TLS 1.0
and
https://support.microsoft.com/en-us/kb/187498
TechNet one has a nice friendly fixit tool to just run and reboot :)
thanks
Not specifically to protect against POODLE. But some people want to force TLS 1.2 as the only protocol as it offers the strongest protection. Entirely down to your choice.
thanks
Hi
This is a pretty easy task usually, with a reboot the server should come back online without excessive waiting.
I have seen excessive server reboots when the server fails to ping the default gateway, but thats unrelated to this specific task.
thanks
Hi, Guys.
Good Day!
How do you disable SSLv2 on Lync Edge? Is the same approach as when we change registry key for SSLv3? Please advise.
Thank you.
Hi lrwinBats.
Yes, it's same.
Best regards,
Eric