Home | Troubleshooting |  Quick Setup  |  Cisco How to  |  MS-MVP  |  Wireless  |  Forums   | Site Map | Services  | Donations | Careers  | Search                           Select a Topic VPN How To Network How To Remote Access How To Windows How To Internet How To New Topics

How to disable SSL V2.0 on Microsoft IIS 6

Q:  One of our clients is running IIS 6 on Windows 2003 server. He asks this question: "We're having trouble passing the PCI scan for our main IIS server. The problem appears to relate to https, and it looks like it might pass if we upgrade from ssl 2.0 to ssl 3.0"

After some research, I believe both SSL 2.0 and SSL 3.0 are enabled in IIS 6 by default. If we disable SSL 2, that may fix the problem. Am I right? If yes, how do you disable SSL 2 on IIS 6?

A: to disable SSL 2.0, you can  try to change the registry key

“HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0\Server”

1. Click Start, click Run, type regedt32 or type regedit, and then click OK.
2. In Registry Editor, locate the following registry key:
   
   HKey_Local_Machine\System\CurrentControlSet\Control\SecurityProviders \SCHANNEL\Protocols\SSL 2.0\Server
3. On the Edit menu, click Add Value.
4. In the Data Type list, click DWORD.
5. In the Value Name box, type Enabled, and then click OK.
   
   Note If this value is present, double-click the value to edit its current value.
6. Type 00000000 in Binary Editor to set the value of the new key equal to "0".
7. Click OK. Restart the computer.

Post your questions, comments, feedbacks and suggestions

Contact a consultant

Related Topics