Disable SSL v2
For some reason, Windows Server 2008 using IIS 7 allows SSL 2.0 by default. Unfortunately, this means you will fail a PCI compliance scan by default. To properly secure your server and ensure that you pass your PCI-DSS scans, you will need to disable SSL 2.0 and disable weak ciphers. To disable SSL 2.0 in IIS 7 and make sure that the stronger SSL 3.0 or TLS 1.0 is used, follow these instructions:
- Click Start, click Run, type regedit, and then click OK.
- In Registry Editor, locate the following registry key/folder:
  HKey_Local_Machine\System\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0
- Right-click on the SSL 2.0 folder and select New and then click Key. Name the new folder Server.
- Inside the Server folder, click the Edit menu, select New, and click DWORD (32-bit) Value.
- Enter Enabled as the name and hit Enter.
- Ensure that it shows 0x00000000 (0) under the Data column (it should by default). If it doesn't, right-click and select Modify and enter 0 as the Value data.
- Restart the computer.
- Verify that no SSL 2.0 ciphers are available at ServerSniff.net or the Public SSL Server Database.
Note: This process is essentially the same on an IIS 6 (Windows Server 2003) machine. Normally, the Server key under SSL 2.0 will already be created so you will just need to create a new DWORD value under it and name it Enabled.
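The same registry change as the steps above, scripted in PowerShell so it can be repeated and checked across servers. This is an added example, not part of the original article; the function name `Disable-Ssl2Server` is hypothetical, and it assumes PowerShell is installed and the session is elevated.

```powershell
# Added example: scripted form of the regedit steps above. Run elevated.
# Disable-Ssl2Server is a hypothetical helper name, not a built-in cmdlet.
$serverKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0\Server'

function Disable-Ssl2Server {
    param([string]$KeyPath)

    # Create the Server key only if it is missing: New-Item -Force on an
    # existing registry key replaces it and discards the values it holds.
    if (-not (Test-Path -Path $KeyPath)) {
        New-Item -Path $KeyPath -Force | Out-Null
    }

    # Inspect the current state: Enabled must exist, be a DWORD, and equal 0.
    $key     = Get-Item -Path $KeyPath
    $correct = $false
    if ($key.GetValueNames() -contains 'Enabled') {
        $isDword = $key.GetValueKind('Enabled') -eq [Microsoft.Win32.RegistryValueKind]::DWord
        $correct = $isDword -and ($key.GetValue('Enabled') -eq 0)
    }

    if ($correct) {
        Write-Output 'SSL 2.0 (Server) is already disabled; no change made.'
        return
    }

    # -Force overwrites a value that has the wrong data or the wrong type.
    New-ItemProperty -Path $KeyPath -Name 'Enabled' -PropertyType DWord -Value 0 -Force | Out-Null

    # Read the value back so a failed write (for example, not elevated) is caught.
    $readBack = (Get-ItemProperty -Path $KeyPath -Name 'Enabled').Enabled
    if ($readBack -ne 0) {
        throw "Enabled is $readBack under $KeyPath; expected 0."
    }
    Write-Output 'SSL 2.0 (Server) disabled. Restart the computer, as in the steps above.'
}

Disable-Ssl2Server -KeyPath $serverKey
```

Running it a second time reports that no change was made, which makes it usable as a quick compliance check before a scan.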