Link to home
Start Free TrialLog in
Avatar of acasgar
acasgar

asked on

PCT 1.0 and Disable SSL 2.0 Server 2008 x64

Not that I should be surprised but I cannot find PCT 1.0 or the other settings required to disable SSL 2.0 on my Server 2008 x64 with IIS 7.0.  According to Microsoft, http://support.microsoft.com/kb/187498 , I should see all sorts of Keys in the registry under HKey_Local_Machine\System\CurrentControlSet\Control\SecurityProviders \SCHANNEL\Protocols or lord knows where because the KB is USELESS!!!   Does anyone know what settings, what the keys are etc. to disable SSL 2.0 on Windows 2008 Server.  I need SSL but I can't be running 2.0 to pass site certification for PCI.
ASKER CERTIFIED SOLUTION
Avatar of Paranormastic
Paranormastic
Flag of United States of America image
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of acasgar
acasgar

ASKER

You rock!  If only the posts on this subject could be clear!  All one needs to do is add the registry keys, funny thats not mentioned in the article, just that you might need to edit them.  Which of course leads one to believe something is missing when the keys aren't there.  Just like your post says of the incredibly lame KB tries to say, add the registry key listed in the KB that you need to disable....in this case  HKey_Local_Machine\System\CurrentControlSet\Control\SecurityProviders \SCHANNEL\Protocols\SSL 2.0\Server and add the DWORD to disable it.  Yes in Windows Server 2008 Standard x64 NONE of these keys are there, you need to add everything below Protocols!

To become PCI Compliant, assuming the only error you have is SSL 2.0 you need to add the above mentioned key (HKey_Local_Machine\System\CurrentControlSet\Control\SecurityProviders \SCHANNEL\Protocols\SSL 2.0\Server) add the DWORD Enabled set it to 0 and reboot.  You will suddenly pass! and SSL will continue to work, just not version 2.0