Disable SSLV2 In Server 08

less than 1 minute read

Description:

For security reasons, you may be asked by another company to disable SSLV2 on your server. To resolve, follow these steps.

To Resolve:

  1. Open the registry and create a key named “Server” under the following entry : HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0

  2. Under the registry key Server, create a DWORD value named Enabled and change the value data to 00000000.

  3. Reboot.

  4. If that doesn’t work, try creating a DWORD value named “DisabledByDefault” and change the value data to “00000001”.

  5. Reboot again.

  6. Essentially:

6a. reg add “HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0\Server” /ve /f

6b. reg add “HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0\Server” /t REG_DWORD /v Enabled /d 0 /f

6c. reg add “HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0\Server” /t REG_DWORD /v DisabledByDefault /d 1 /f

 

To Disable SSLv3:

  1. Copy and paste this to a .reg file:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0\Client]
“DisabledByDefault”=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0\Server]
“Enabled”=dword:00000000