Disabled SSLv3 in Windows registry but still showing POODLE vulnerability

Question

Windows server 2016 Standard.

Recently we've been getting hit by brute force attempt using POODLE. I did a little research and found we should disable SSLv3. However, when I go into:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\Schannel\Protocols\

...and look at my SSL 3.0 key, I already have both Client and Server folders in there and both have the same two DWORDs: DisabledByDefault (1), and Enabled (0). I must have already done this in the past at one point: https://www.digicert.com/kb/ssl-support/iis-disabling-ssl-v3.htm

If I scan our site using online scanners:

https://www.poodlescan.com POODLE results: SSLv3 enabled

https://www.site24x7.com/ POODLE results: Error occurred while validating SSL3 Poodlebleed Vulnerability for domain

https://ssl-tools.net/ POODLE results: all show TLSv1.2 with SSLv3 crossed out (strikethrough'd)

So. Three different checkers with three different results. Hmmm.

Apparently I'm the only one using Windows and IIS with this issue (every reference I've found here so far is about apache and nginx), so I am posting the question. What more do I need to do to disable SSLv3 and stop this POODLE brute force attempt? This flood of traffic, when it happens, is causing our site to report 503 Service Unavailable every few minutes.

Poodlescan seems to be defect. No matter which domain I tested according to this site they all have SSLv3 enabled which can't be true. — Robert, Mar 25 '22 at 21:29

An-dir · Answer 1 · 2022-03-25T20:28:14.763

0

The following tool makes IIS crypto/SSL/TLS changes easy: https://www.nartac.com/Products/IISCrypto

Try that to validate, but don't forget the checkbox: https://www.ssllabs.com/ssltest/

edited Mar 25 '22 at 20:28

answered Mar 25 '22 at 19:29

An-dir

156
5

Disabled SSLv3 in Windows registry but still showing POODLE vulnerability

1 Answers1