Disable SSL 2.0 in IIS 7

Problem

How do I disable SSL 2.0 and other protocols in IIS 7?

Solution

On Windows Server 2008 running IIS 7, SSL 2.0 is enabled by default.  Some standards, such as the PCI Compliance audit, do not allow the use of SSL 2.0.

To fix this, disable SSL 2.0 in IIS 7, which forces use of the stronger SSL 3.0 instead.  The steps below show how to do this.

  1. Click on Start and then Run.  Type in regedt32 or regedit and then click OK.
  2. Once you have the registry open, locate the registry key
    HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0\Server
  3. In the Edit menu, select Add Value.
  4. In the Data Type list, click on DWORD.
  5. In the Value Name box, type Enabled, and then click on OK.
    Note: If this value is already present, double-click it to edit the existing value.
  6. Type 00000000 in the Binary Editor to set the value of the new key to equal "0".
  7. Click OK.
  8. Restart the computer.
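
The same registry change can be scripted and read back for verification, which is useful when several servers have to be brought in line before an audit. The PowerShell below is an added example, not part of the original article; the function names are hypothetical, and it assumes an elevated session on the server. The protocol name is a parameter because the other protocol subkeys under Protocols use the same Server\Enabled layout.

```powershell
# Added example (not from the original article). Run from an elevated PowerShell session.
$ProtocolsRoot = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols'

# Hypothetical helper: report the server-side state of a protocol from the registry.
function Get-SchannelServerState {
    param([string]$Protocol = 'SSL 2.0')

    $key = Join-Path $ProtocolsRoot "$Protocol\Server"
    if (-not (Test-Path $key)) {
        return 'KeyMissing (OS default applies)'
    }

    $prop = Get-ItemProperty -Path $key -Name Enabled -ErrorAction SilentlyContinue
    if ($null -eq $prop) {
        return 'ValueMissing (OS default applies)'
    }

    if ($prop.Enabled -eq 0) { return 'Disabled' } else { return 'Enabled' }
}

# Hypothetical helper: scripted form of steps 2 to 7 in the list above.
function Disable-SchannelServerProtocol {
    param([string]$Protocol = 'SSL 2.0')

    $key = Join-Path $ProtocolsRoot "$Protocol\Server"

    # Step 2: the Server key may not exist yet on a fresh install, so create it if needed.
    if (-not (Test-Path $key)) {
        New-Item -Path $key -Force | Out-Null
    }

    # Steps 3 to 7: create (or overwrite) the DWORD value Enabled = 0.
    New-ItemProperty -Path $key -Name Enabled -PropertyType DWord -Value 0 -Force | Out-Null

    # Read the value back so the result reflects what is actually stored.
    return Get-SchannelServerState -Protocol $Protocol
}

$before = Get-SchannelServerState
$after  = Disable-SchannelServerProtocol
Write-Output "SSL 2.0 (server): $before -> $after"
Write-Output 'Step 8 still applies: restart the computer for the change to take effect.'
```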