ansible,win: disable SSLv2 and SSLv3

Following Azure security recommendations. PR-URL: #2099 Reviewed-By: Rod Vagg <rod@vagg.org> Reviewed-By: Richard Lau <riclau@uk.ibm.com> Reviewed-By: Christian Clauss <cclauss@me.com>
nodejs · Jan 2, 2020 · fee9565 · fee9565
1 parent 360cd75
commit fee9565
Showing 1 changed file with 20 additions and 0 deletions.
diff --git a/ansible/roles/bootstrap/tasks/partials/win.yml b/ansible/roles/bootstrap/tasks/partials/win.yml
@@ -26,3 +26,23 @@
       name: AutoAdminLogon
       data: 1
       type: string
+
+# Comply with Azure security recommendations
+# After changing anything in this list check if the following still work:
+# - Windows Update
+# - PowerShell remoting (for Ansible connections)
+# - RDP from Windows
+# - RDP from Remmina
+- block:
+  - name: disable SSL 2.0
+    win_regedit:
+      path: 'HKLM:\System\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0\Server'
+      name: Enabled
+      data: 0
+      type: dword
+  - name: disable SSL 3.0
+    win_regedit:
+      path: 'HKLM:\System\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0\Server'
+      name: Enabled
+      data: 0
+      type: dword