How to Disable Legacy SSL Support (SSL 3.0 / SSL 2.0)

Plesk Servers > SSL
Recently, there have been some vulnerabilities found in older implementations of SSL (see our POODLE news article for further description).  This article exists to help you disable support for older versions of SSL on a server level.  You will need a dedicated server to perform these actions, as they cannot be performed on the shared environment. If you are on a shared environment and you're still seeing SSL 3.0 being allowed on the server - let one of our support staff know.
 
Before we begin, it is important to note that these instructions are only functional on Windows Server 2012 and later.  On any other version of windows server, you will need to upgrade to a newer server.
 
Additionally, since the SHA1 algorithm is also compromised, the script and instructions will also enable TLS 1.2 
 
You must be a dedicated server customer to be able to perform these steps. If you are unsure of your ability to perform these steps, please contact Support for assistance.
  1. Log into your server using Remote Desktop.
  2. Open up regedit.  Be sure to make a backup of the registry before you attempt any changes, to accomplish this use File > Export.
  3. Navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\Schannel\Protocols\ 
  4. Create two new keys:  "SSL 3.0" and "SSL 2.0"
  5. In each of these keys, create a new key "Server"
  6. In each of the Server keys, create a new DWORD named "Enabled".  Leave it set to 0.
  7. Restart the server so that these changes will take effect
Once you've completed this, the server will no longer support SSL versions 3.0 or 2.0.  The rest of this article includes images to guide you on the process.
 
Open regedit.exe
 
 
Or use Run to open it
 
Navigate to the proper key
 
Continued
 
Create the new keys
 
Continued
 
Create new DWORD
 
Name it "Enabled"
 
 

Add Feedback