Howto disable SSL 2.0 on a Windows Server 2008 or 2008 R2

There is a severe security breach in the old SSL 2.0, which enables people with bad intend to perform man-in-the-middel attacks among other.

Fortunatly all newer Browsers and clients use SSL 3.0 or TLS 1.0 which avoids the use of SSL 2.0. But to make sure your servers dosn’t even present the opportunity of SSL 2.0 (or older protocols) you have to disable them on the servers manually (if you have many servers you could buy a small utility from http://foundeo.com )

To fix this issue follow the steps below

Go to
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0\

In there create a new key called Server, now go to
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0\Server\

Here you’ll create a new DWORD called Enabled, make sure the value of this i 0

After this you’ll have to reboot the server to make the changes go into effect.

To check whether you have successfully or not go to
http://foundeo.com/products/iis-weak-ssl-ciphers/test.cfm and type in your domain.

Leave a Reply

© 2019: Noervig's notes | Easy Theme by: D5 Creation | Powered by: WordPress