{"id":18,"date":"2010-06-22T16:16:11","date_gmt":"2010-06-22T20:16:11","guid":{"rendered":"http:\/\/www.amixa.com\/blog\/?p=18"},"modified":"2013-10-26T17:15:37","modified_gmt":"2013-10-26T21:15:37","slug":"disabling-sslv2-support-in-iis","status":"publish","type":"post","link":"https:\/\/www.amixa.com\/blog\/2010\/06\/22\/disabling-sslv2-support-in-iis\/","title":{"rendered":"Disabling SSLv2 support in IIS"},"content":{"rendered":"

If you have undergone a “Trustkeeper Scan” and failed due to your Microsoft web server using SSLv2, then read on.<\/h4>\n

NOTE: PLEASE READ THIS POST IN OUR BLOG HERE<\/a>.\u00a0 It is TWO YEARS NEWER and simplifies most of the tasks regarding SSL settings.<\/span><\/p>\n

 <\/p>\n

SSLv2 is considered a “medium” security risk and will cause your scan to FAIL, so therefore to be PCI-DSS compliant (for credit card companies), you need to disable it via the registry on your Windows server running IIS 3 or later.<\/p>\n

The easiest way to do this is to read this KB article from Microsoft<\/a>.<\/p>\n

In a nutshell, you need to go to this registry key<\/p>\n

HKey_Local_Machine\\System\\CurrentControlSet\\Control\\SecurityProviders\\SCHANNEL\\Protocols<\/strong><\/span><\/pre>\n
Then locate the SSL 2.0 key
\n\"\"<\/a><\/p>\n