IIS v7 disabling SSL v 2.0

Question

I am attempting to disable SSL v2.0 protocol on IIS 7.

The following article refers to IIS v6: http://support.microsoft.com/kb/187498

It doesn't seem to apply because the only protocol listed in the registry is SSL 2.0 (not all the others) and the setting "DisabledByDefault=1" is already in there, which would seem to imply that it is disabled.

However, the following article seems to suggest that it still applies and to turn off "DisabledByDefault" which seems strange. http://forums.iis.net/t/1151822.aspx

I only need to disable SSL v2.0, but I want to be relatively confident I am doing the right thing.

Answer 1

I know this is a pretty old thread but I come to rely on it when I deploy new servers. I discovered this program today that makes settings SSL really easy on IIS. It's free and I ran it on one of my servers today and worked like a charm.

IIS Crypto

Answer 2

This article describes how you can disable SSL 2.0 in IIS 7:

• How to Disable SSL 2.0 in IIS 7

1. Click Start, click Run, type regedit, and then click OK.
2. In Registry Editor, locate the following registry key/folder:
   HKey_Local_Machine\System\CurrentControlSet\Control\SecurityProviders
\SCHANNEL\Protocols\SSL 2.0
3. Right-click on the SSL 2.0 folder and select New and then click Key. Name the new folder Server.
4. Inside the Server folder, click the Edit menu, select New, and click DWORD (32-bit) Value.
5. Enter Enabled as the name and hit Enter.
6. Ensure that it shows 0x00000000 (0) under the Data column (it should by default). If it doesn't, right-click and select Modify and enter 0 as the Value data.
7. Restart the computer.
8. Verify that no SSL 2.0 ciphers are available at ServerSniff.net or the Public SSL Server Database

Answer 3

Add a DWORD named "Enabled" with value 0x0 (default) to the SSL 2.0 key