As a security best practice, disable SSLv3 in Internet Information Services (IIS) on the Infrastructure as a Service (IaaS) host server machine.

About this task

Procedure

  1. Run the Windows registry editor as an administrator.
  2. Navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\Schannel\Protocols\ in the registry window.
  3. Right-click on Protocols, and select New > Key.
  4. Enter SSL 3.0.
  5. In the navigation tree, right-click the newly created SSL 3.0 key, and in the pop-up menu select New > Key and enter Client.
  6. In the navigation tree, right-click on the newly created SSL 3.0 key, and in the pop-up menu select New > Key and enter Server.
  7. In the navigation tree, under SSL 3.0, right-click Client, and select New > DWORD (32-bit) Value and enter DisabledByDefault.
  8. In the navigation tree, under SSL 3.0, select Client, and in the right pane, double-click DisabledByDefault and enter 1.
  9. In the navigation tree, under SSL 3.0, right-click Server, and select New > DWORD (32-bit) Value and enter Enabled.
  10. In the navigation tree, under SSL 3.0, select Server, and in the right pane, double-click the enabled DWORD and enter 0.
  11. Restart the Windows Server.