This project has moved and is read-only. For the latest updates, please go here.

Previous Setup TLS 1.2 Manual Install Setup Group Membership Next

Setup No SSL v3

FineBuild can disable Secure Sockets Layer v3 (SSL v3). SSL v3 is vulnerable to hacking and is considered obsolete. It should be disabled wherever possible.

Security Compliance

Setup No SSL v3 configuration helps to reduce the network surface area available for attack. If you setup Security Compliance then Setup No SSL v3 configuration will always be implemented.

FineBuild Setup No SSL v3

Processing of Setup No SSL v3 relates to Process Id 1DH in the FineBuild1Preparation script, and is controlled by the parameters below:
Install Parameter Build SQL Version Value
SetupNoSSL3 FULL Any Yes
SetupNoSSL3 CLIENT Any Yes
SetupNoSSL3 WORKSTATION Any Yes

Top

Manual Setup No SSL v3

The following steps show what you would have to do to setup Setup No SSL v3 manually. FineBuild does all of this work for you automatically.

1) Open the Registry Editor by Start -> Run and type regedit
RegeditCmd.png
2) Navigate to HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0\Client. If the registry key does not exist then create it.
PathClient.png
3) Set the value of the DWORD item Enabled to 0 (zero). If it does not exist then create it
disable.png
4) Navigate to HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0\Server. If the registry key does not exist then create it.
PathServer.png
5) Set the value of the DWORD item Enabled to 0 (zero). If it does not exist then create it
disable.png
Copyright FineBuild Team © 2016. License and Acknowledgements
Previous Setup TLS 1.2 Top Setup Group Membership Next

Last edited Nov 11, 2016 at 12:49 PM by EdVassie, version 2