Information Security Instructions

Disable Secure Sockets Layer (SSL) in Internet Explorer

Description:
This document describes the steps to disable Secure Sockets Layer (SSL) in Internet Explorer (IE),
and in so doing require Transport Layer Security (TLS) be used to establish encrypted browser
connections. On domain member computers used by IT personnel, you should find that SSL is
already disabled via an AD Group Policy change that was implemented on Sunday, April 10th.

Discontinuing the use of SSL to establish encrypted connections has become necessary in
response to an increasing number of exploitable high-risk vulnerabilities. Further, the PCI Security
Standards Council no longer recognizes SSL as a secure means to transmit credit card data.

Instructions:
1. First, you must login to the domain while directly connected to the internal network via a
wired or wireless connection or client VPN.
2. Launch IE
3. Click Tools, then Internet options
4. In Internet Options, click the Advanced tab
5. Scroll down to the section entitled Security
6. Deselect/Uncheck all instances of SSL
7. Select/Check all instances of TLS
 8. Click the OK button
9. Close all instances of IE
10. Launch IE and test access to a variety of web sites known to require the use of an encrypted
connection (i.e. sites that use https:// rather than just http://)

Note:
If while following these instructions you find that SSL within IE is not already disabled on any domain
member computer you use, please send an e-mail message to GISO Information Security that
includes the computer name so that we can add your computer to the IT Test OU. This OU is used to
test changes such as this as well as patches and updates before they are implemented on end-user
computers across the company. The intent is to identify and remediate issues before they impact the
end-user community at large.

Contact Information:
Questions regarding this subject matter may be submitted to GISO Information Security.

If you have issues connecting to web sites after disabling SSL in IE, please contact the CompuCom
Service Desk and have the incident assigned to CMPC InfoSec Access Control.