Howto disable SSL 2.0 on a Windows Server 2008 or 2008 R2
There is a severe security breach in the old SSL 2.0, which enables people with bad intend to perform man-in-the-middel attacks among other.
Fortunatly all newer Browsers and clients use SSL 3.0 or TLS 1.0 which avoids the use of SSL 2.0. But to make sure your servers dosn’t even present the opportunity of SSL 2.0 (or older protocols) you have to disable them on the servers manually (if you have many servers you could buy a small utility from http://foundeo.com )
To fix this issue follow the steps below
In there create a new key called Server, now go to
Here you’ll create a new DWORD called Enabled, make sure the value of this i 0
After this you’ll have to reboot the server to make the changes go into effect.
To check whether you have successfully or not go to
http://foundeo.com/products/iis-weak-ssl-ciphers/test.cfm and type in your domain.