According to Microsoft
Security Advisory 3009008, a vulnerability was detected in SSL 3.0.
Since both Lync and Skype for Business are using
certificates extensively,it is recommended to disable SSL 3 on all Front End
servers and reverse proxy solutions used to publish the web services.
Disabling SSL 3.0 in Lync Server 2013:
Action suggested:-
For Windows Servers, SSL 3.0 can be disabled by creating a
registry key using the following steps:
1. Open the
Command Prompt using elevated permissions
2. Run the following cmdlet: reg add
“HKLM\System\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL
3.0\Server” /v Enabled /t REG_DWORD /d 0 /f
3. After
changing this, a restart to the Lync Services will be enough to apply the new
configuration:
Stop-CsWindowsService
Start-CsWindowsService
In case you need to rollback, simply remove the key and
restart the Lync Services:
reg delete
“HKLM\System\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL
3.0\Server” /v Enabled
