nvnivs/SslV3-Disable.ps1

## SslV3-Disable.ps1
<#
.SYNOPSIS
Disables SSL v3 protocol on IIS for POODLE vulnerability
.LINK
https://www.digicert.com/ssl-support/iis-disabling-ssl-v3.htm
#>

function Create-SubKey {
	param(
		[parameter(position=0)]$path,
		[parameter(position=1)]$key,
        [parameter(position=2)]$subKey
	)

	if (!(Test-Path "$path\$key\$subKey")) {
		(Get-Item $path).OpenSubKey($key, $true).CreateSubKey($subKey) | Out-Null
		Write-Output "$path\$key\$subKey"
	}
}

function Update-RegistryProperty {
    param(
        [parameter(position=0)]$path,
        [parameter(position=1)]$key,
        [parameter(position=2)]$value,
        [parameter(position=3)]$type
    )

	$property = Get-Item $path | Get-ItemProperty | Select-Object -ExpandProperty $key -ea:silentlyContinue
    if ($property -eq $null) {
        New-ItemProperty -path $path -name $key -value $value -PropertyType $type | Out-Null
        Write-Output "Created property $path[$key] = $value"
    }
    else {
        if ($property -ne $value) {
            Set-ItemProperty -path $path -name $key -value $value | Out-Null
            Write-Output "Updated property $path[$key] = $value"
        }
    }
}

$ErrorActionPreference = "Stop"
$schannelPath = "HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL"

Create-SubKey "$schannelPath" "Protocols" "SSL 3.0"
"Client", "Server" | % { Create-SubKey "$schannelPath\Protocols" "SSL 3.0" $_ }
Update-RegistryProperty "$schannelPath\Protocols\SSL 3.0\Client" "DisabledByDefault" "1" "Dword"
Update-RegistryProperty "$schannelPath\Protocols\SSL 3.0\Server" "Enabled" "0" "Dword"

Write-Output 'SSL 3.0 disabled'
	<#
	.SYNOPSIS
	Disables SSL v3 protocol on IIS for POODLE vulnerability
	.LINK
	https://www.digicert.com/ssl-support/iis-disabling-ssl-v3.htm
	#>

	function Create-SubKey {
	param(
	[parameter(position=0)]$path,
	[parameter(position=1)]$key,
	[parameter(position=2)]$subKey
	)

	if (!(Test-Path "$path\$key\$subKey")) {
	(Get-Item $path).OpenSubKey($key, $true).CreateSubKey($subKey) \| Out-Null
	Write-Output "$path\$key\$subKey"
	}
	}

	function Update-RegistryProperty {
	param(
	[parameter(position=0)]$path,
	[parameter(position=1)]$key,
	[parameter(position=2)]$value,
	[parameter(position=3)]$type
	)

	$property = Get-Item $path \| Get-ItemProperty \| Select-Object -ExpandProperty $key -ea:silentlyContinue
	if ($property -eq $null) {
	New-ItemProperty -path $path -name $key -value $value -PropertyType $type \| Out-Null
	Write-Output "Created property $path[$key] = $value"
	}
	else {
	if ($property -ne $value) {
	Set-ItemProperty -path $path -name $key -value $value \| Out-Null
	Write-Output "Updated property $path[$key] = $value"
	}
	}
	}

	$ErrorActionPreference = "Stop"
	$schannelPath = "HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL"

	Create-SubKey "$schannelPath" "Protocols" "SSL 3.0"
	"Client", "Server" \| % { Create-SubKey "$schannelPath\Protocols" "SSL 3.0" $_ }
	Update-RegistryProperty "$schannelPath\Protocols\SSL 3.0\Client" "DisabledByDefault" "1" "Dword"
	Update-RegistryProperty "$schannelPath\Protocols\SSL 3.0\Server" "Enabled" "0" "Dword"

	Write-Output 'SSL 3.0 disabled'