PCT 1.0 and Disable SSL 2.0 Server 2008 x64

Posted on 2009-02-09
Last Modified: 2013-11-29
Not that I should be surprised but I cannot find PCT 1.0 or the other settings required to disable SSL 2.0 on my Server 2008 x64 with IIS 7.0.  According to Microsoft, , I should see all sorts of Keys in the registry under HKey_Local_Machine\System\CurrentControlSet\Control\SecurityProviders \SCHANNEL\Protocols or lord knows where because the KB is USELESS!!!   Does anyone know what settings, what the keys are etc. to disable SSL 2.0 on Windows 2008 Server.  I need SSL but I can't be running 2.0 to pass site certification for PCI.
Question by:acasgar
    LVL 31

    Accepted Solution

    You may need to add the entries to the registry so you can disable them.  Here's a quick article to save some typing:
    LVL 2

    Author Comment

    You rock!  If only the posts on this subject could be clear!  All one needs to do is add the registry keys, funny thats not mentioned in the article, just that you might need to edit them.  Which of course leads one to believe something is missing when the keys aren't there.  Just like your post says of the incredibly lame KB tries to say, add the registry key listed in the KB that you need to this case  HKey_Local_Machine\System\CurrentControlSet\Control\SecurityProviders \SCHANNEL\Protocols\SSL 2.0\Server and add the DWORD to disable it.  Yes in Windows Server 2008 Standard x64 NONE of these keys are there, you need to add everything below Protocols!

    To become PCI Compliant, assuming the only error you have is SSL 2.0 you need to add the above mentioned key (HKey_Local_Machine\System\CurrentControlSet\Control\SecurityProviders \SCHANNEL\Protocols\SSL 2.0\Server) add the DWORD Enabled set it to 0 and reboot.  You will suddenly pass! and SSL will continue to work, just not version 2.0

    Featured Post

    What Security Threats Are You Missing?

    Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

    Join & Write a Comment

    If you don't have the right permissions set for your WordPress location in IIS, you won't be able to perform automatic updates. Here's how to fix the problem.
    New Windows 7 Installations take days for Windows-Updates to show up and install. This can easily be fixed. I have finally decided to write an article because this seems to get asked several times a day lately. This Article and the Links apply to…
    This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
    The Task Scheduler is a powerful tool that is built into Windows. It allows you to schedule tasks (actions) on a recurring basis, such as hourly, daily, weekly, monthly, at log on, at startup, on idle, etc. This video Micro Tutorial is a brief intro…

    746 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    16 Experts available now in Live!

    Get 1:1 Help Now