|
Home > Archive > IIS Server Security > April 2007 > How to disable SSL v2 support on IIS 6.0?
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
| Author |
How to disable SSL v2 support on IIS 6.0?
|
|
| Ray Yan 2007-04-03, 1:19 am |
| Hi there,
We're running a website on a IIS6.0 / Windows2003 SP1 server, with a Thawte
web server certificate installed to enable HTTPS access. Now we want to force
client connections use SSL v3 or SLT 1.0 or SLT 1.1 or better, so we decided
to stop supporting SSL v2 on this server. But we wonder what we have to do to
achive this?
Many thanks in advance!
Ray
| |
| Matthew Cavill 2007-04-27, 1:20 pm |
| I believe this will disable SSLv2; but this is only a registry setting change.
1. Load regedt32.exe from Start->Run
2. Expand System->CurrentControlSet->Control->SecurityProviders->SCHANNEL
3. Expand the Protocols branch
4. You will then need to expand the SSL2->Server branchs
5. There may or may not be a registry DWORD value called 'Enabled' shown
6. This should have a value of 0 which should disable SSLv2?????
7. If the value does not exist then create a DWORD value called 'Enabled'
with 0 as its value.
Any changes to this value (or its creation) will require a reboot of the
server.
I found this information on a Microsoft KB article although I can not seem
to find it now. Hope this helps.
"Ray Yan" wrote:
> Hi there,
>
> We're running a website on a IIS6.0 / Windows2003 SP1 server, with a Thawte
> web server certificate installed to enable HTTPS access. Now we want to force
> client connections use SSL v3 or SLT 1.0 or SLT 1.1 or better, so we decided
> to stop supporting SSL v2 on this server. But we wonder what we have to do to
> achive this?
>
> Many thanks in advance!
>
> Ray
| |
| David Wang 2007-04-30, 1:17 am |
| http://support.microsoft.com/?id=245030
You basically turn off SSLv2 in schannel, which when used through IIS
means that IIS won't accept SSLv2, either.
//David
http://w3-4u.blogspot.com
http://blogs.msdn.com/David.Wang
//
On Apr 27, 7:26 am, Matthew Cavill <Matthew
Cav...@discussions.microsoft.com> wrote:
> I believe this will disable SSLv2; but this is only a registry setting change.
>
> 1. Load regedt32.exe from Start->Run
> 2. Expand System->CurrentControlSet->Control->SecurityProviders->SCHANNEL
> 3. Expand the Protocols branch
> 4. You will then need to expand the SSL2->Server branchs
> 5. There may or may not be a registry DWORD value called 'Enabled' shown
> 6. This should have a value of 0 which should disable SSLv2?????
> 7. If the value does not exist then create a DWORD value called 'Enabled'
> with 0 as its value.
>
> Any changes to this value (or its creation) will require a reboot of the
> server.
>
> I found this information on a Microsoft KB article although I can not seem
> to find it now. Hope this helps.
>
>
>
> "Ray Yan" wrote:
>
>
>
>
> - Show quoted text -
|
|
|
|
|