Disable SSL 2.0 in IIS 7

Problem

How do I disable SSL 2.0 and other protocols in IIS 7?

Resolution

When you have Windows Server 2008 that uses IIS 7, it uses SSL 2.0 by default.  Some standards, such as the PCI Compliance audit, do not allow the use of SSL 2.0. 

To fix this, you should disable SSL 2.0 in IIS 7 which will force use of the stronger SSL 3.0 instead.  Below are instructions on how to do this.

  1. Click on Start and then Run.  Type in regedt32 or regedit and then click OK.
  2. Once you have the registry open, locate the registry key
    HKey_Local_Machine\System\CurrentControlSet\Control|SecurityProviders\SCHANNEL\Protocols\SSL 2.0\Server
  3. In the Edit menu, select Add Value.
  4. In the Data Type list, click on DWORD.
  5. In the Value Name box, type Enabled, and then click on OK.
    Note: If this value is present, double click on the value to edit this current value.
  6. Type 00000000 in the Binary Editor to set the value of the new key to equal "0".
  7. Click OK.
  8. Restart the computer.

    Add Feedback