Disable SSLV2 In Server 08

less than 1 minute read

Description:

For security reasons, you may be asked by another company to disable SSLV2 on your server. To resolve, follow these steps.

To Resolve:

  1. Open the registry and create a key named “Server” under the following entry : HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0

  2. Under the registry key Server, create a DWORD value named Enabled and change the value data to 00000000.

  3. Reboot.

  4. If that doesn’t work, try creating a DWORD value named “DisabledByDefault” and change the value data to “00000001”.

  5. Reboot again.

  6. Essentially:

    1
2
3

    reg add "HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0\Server" /ve /f
reg add "HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0\Server" /t REG_DWORD /v Enabled /d 0 /f
reg add "HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0\Server" /t REG_DWORD /v DisabledByDefault /d 1 /f

  7. To Disable SSLv3: Copy and paste this to a .reg file:

    1
2
3
4
5
6
7
8
9

    Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0\Client]  
"DisabledByDefault"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0\Server]  
"Enabled"=dword:00000000

Tags:

Updated:

Comments

You May Also Enjoy