Question : Disabling SSLv2 in IIS7 on Win 2008 64 bit machine

Hi!

I am trying to disable SSLv2 on my web server so i can become compliant for a vulnerability test.

I have a 64bit windows web server 2008 machine running IIS7

I have tried adding a registry value according to the last post in:
http://social.technet.microsoft.com/Forums/en-US/winserverDS/thread/1cf01f33-9cbe-4b76-b01c-83923c4cda04

But this did not work :(

I would also like to know how to test if it has been disabled without having to run through the entire vulnerability test with the security agency. If there is a tool/website out there that would be handy too.

Any help would be greatly appreciated!

Answer : Disabling SSLv2 in IIS7 on Win 2008 64 bit machine

There are two parts to get this working for 2008 server.

- Add the SSL and TLS protocols in the registry (both client and server). Set Enabled to 0 for SSLv2, and Enabled to 1 for SSLv3 and TLS

- Add the correct Ciphers to the registry. Reboot the server for the changes to take effect.

The article you mentioned does not include the second part, adding the Ciphers to the registry.

Follow the instructions in this link to do the above:
http://forums.iis.net/p/1151822/1925447.aspx#1925447

Random Solutions

Linux Terminal Server - LTSP

MSOffice Home and Student 2007 with Outlook 2003?

XP Clients won't pick up SBS 2008 Drive Mappings from Group Policy

dhcpserver errors

WINDOW FORM in NET FRAMEWORK

Un-highlight selected item in listbox

Revision history in Office 2007

Passing datagrid data between form fields

Visual Studio Setup Project don't RemovePreviousProjects