locked
SharePoint 2013 Enterprise Edition SP1 Protocols for secure communication RRS feed

  • Question

  • We have an Anonymous website developed over SharePoint Server 2013 SP1 Enterprise Edition on Windows Server 2008 R2

    We have disabled SSL 2.0 and SSL 3.0 protocols from the server's following below steps:

    1) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0] 
    
    2) Under the registry key Server, create a DWORD value named Enabled and change the value data to 00000000.
    
    3) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0 ] 
    
    4) Under the registry key Server, create a DWORD value named Enabled and change the value data to 00000000.
    
    5) Reboot.


    Reference Link:-
    Disable SSL

    Problem Statement :- While checking the website's SSL performance over SSLLabs(URL Below) it is still showing the SSL 2.0 enabled over the server and vulnerable to DROWN attack ?  URL :-  SSL Labs Analyze Performance

    What are the default allowed protocols that SharePoint 2013 Enterprise Edition SP1 relies for secure communication ?

    Edit: from SSL Labs, we are getting

    IE 6 / XP   No FS <sup>1</sup>   No SNI <sup>2</sup> Server offered SSL 2 without any suites
    RSA 2048 (SHA256)   |  SSL 2  | 

    Any pointers for this would be helpful.

    Monday, February 4, 2019 11:16 AM

All replies

  • Hello Deepak,

    Please make sure that you have set entries in following way:

    SSL 2.0
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0]
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0\Client]
    "DisabledByDefault"=dword:00000001
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0\Server]
    "Enabled"=dword:00000000

    SSL 3.0
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0]
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0\Client]
    "DisabledByDefault"=dword:00000001
    "Enabled"=dword:00000000
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0\Server]
    "DisabledByDefault"=dword:00000001
    "Enabled"=dword:00000000

    Moreover make sure that you have done it on all servers.

    Monday, February 4, 2019 11:52 AM
  • Hey MateuszBill, Yes done the same way & on all the SharePoint Server's in farm. Still SSL Labs reporting v 2.0 enabled. :(


    Answer to your Question on technet.

    Monday, February 4, 2019 12:00 PM