Kazmarek


Disable SSL v2.0 in IIS

February 26, 2010 by Robert Masterson

While going through a vulnerability scan for PCI compliance, the report noted that IIS 7 on a Small Business Server 2008 was still using SSL v2.0 instead of SSL 3.0 or TLS 1.0. To disable SSL v2.0:

  1. Click Start, click Run, type regedt32 or type regedit, and then click OK.
  2. In Registry Editor, locate the following registry key: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0\Server
  3. On the Edit menu, click Add Value.
  4. In the Data Type list, click DWORD.
  5. In the Value Name box, type Enabled, and then click OK. Note: If this value is present, double-click the value to edit its current value.
  6. Type 00000000 in Binary Editor to set the value of the new key equal to “0”.
  7. Click OK. Restart the computer.
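
The same registry change as a script, for servers where clicking through Registry Editor is impractical. This is an added example, not part of the original post; it assumes an elevated PowerShell session, and the function names `Get-Ssl2ServerState` and `Disable-Ssl2Server` are hypothetical helpers defined here.

```powershell
# Added example: scripted form of the registry steps above. Run elevated.
# Key path is the one named in step 2 of the post.
$Ssl2ServerKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0\Server'

# Hypothetical helper: report the current state of the "Enabled" value.
function Get-Ssl2ServerState {
    param([string]$Path = $Ssl2ServerKey)
    if (-not (Test-Path -LiteralPath $Path)) { return 'KeyMissing' }
    $item = Get-ItemProperty -LiteralPath $Path -Name Enabled -ErrorAction SilentlyContinue
    if ($null -eq $item) { return 'ValueMissing' }
    $value = $item.Enabled
    # The value may already exist as REG_BINARY (00 00 00 00); treat all-zero bytes as 0.
    if ($value -is [byte[]]) { $value = ($value | Measure-Object -Sum).Sum }
    if ($value -eq 0) { return 'Disabled' }
    return 'Enabled'
}

# Hypothetical helper: create the key if needed and set Enabled = DWORD 0.
function Disable-Ssl2Server {
    param([string]$Path = $Ssl2ServerKey)
    if (-not (Test-Path -LiteralPath $Path)) {
        # -Force creates missing parent keys; guarded so an existing key is never recreated.
        New-Item -Path $Path -Force | Out-Null
    }
    # -Force overwrites an existing value, including one stored with a different type.
    New-ItemProperty -LiteralPath $Path -Name Enabled -PropertyType DWord -Value 0 -Force | Out-Null
}

$before = Get-Ssl2ServerState
if ($before -ne 'Disabled') { Disable-Ssl2Server }
$after = Get-Ssl2ServerState

# Summarize what changed; the restart from step 7 is still required.
New-Object PSObject -Property @{
    Key            = $Ssl2ServerKey
    Before         = $before
    After          = $after
    RestartPending = ($before -ne 'Disabled' -and $after -eq 'Disabled')
}

if ($after -ne 'Disabled') {
    Write-Error "SSL 2.0 server key was not set to Disabled (state: $after)."
}
```

Running it a second time reports `Before` and `After` as `Disabled`, which makes it usable as a verification check before the next scan.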

IIS negotiates the encryption protocol with the client browser. An attacker could use a tool that tells the server it has only SSL v2.0 (which is weaker) available. With SSL v2.0 disabled, the server uses only SSL v3.0 or TLS, as requested by the browser. A browser that supports only SSL v2.0 would fail to connect.

This applies to Windows Server 2003 and Windows Server 2008, and both versions of SBS.

http://support.microsoft.com/default.aspx?scid=kb;en-us;187498
