I have a Windows 2008 server we want to disable SSL v2 when looking at the registry keys we dont see the SSL 3.0 folder does disabling v2 require that you have the SSL 3.0 key?

Hi, I suggest referring to the following article: How to disable PCT 1.0, SSL 2.0, SSL 3.0, or TLS 1.0 in Internet Information Services http://support.microsoft.com/kb/187498/en-us If SSL 3.0 key does not exist, you can manually create it and disable SSL 3.0 according to the following steps: 1. Click Start, click Run, type regedt32 or type regedit, and then click OK. 2. In Registry Editor, locate the following registry key: HKey_Local_Machine\System\CurrentControlSet\Control\SecurityProviders \SCHANNEL\Protocols 3. Right-click Protocols, click New, click Key and name it as SSL 3.0. 4. Right-click SSL 3.0, click New, click Key and name it as Server. 5. Right-click Server, click New, click DWORD (32bit) Value and name it as Enabled. 6. Double-click Enabled and make sure its value is 0. Hope it helps. Tim Quan - MSFT

hi TimI thought ssl v 3.0 is enabled by default in windows 2008 serversainath windows driver development.

I want to enable SSL 3.0 though and disable SSL 2.0 can i just turn off SSL 2.0 or do i have to create the 3.0 key as well.

hi ther,e please follow Tim's suggestion todisablessl 2.0 HKLM\System\CurrentControlSet\control\securityproviders\schannel\protocols\SSL 2.0\ServerCreate a REG_DWORD value named Enabled and set it to 0as far as ssl v3.0 is concerned, per my knowledge it is enabled by defaultsainath windows driver development.

Excellent thanks guys,

I followed these instructions, but my scanning software still reports SSLv2 is on. I had to create SSL3 entry per instructions. I also found that there was no Server key under SSL 2.0 so I created it and the Enabled dword entry. What is the next step?

Did you reboot the server? Any time you change the registry, you must either restart the relevant service or perform a reboot in order for those changes to take effect.

Although the answers are correct, from a practical viewpoint there is a more complete answer which worked for me. See Nick Lowther's answer: Is it possible to disable SSLv2 on a Windows 2008 domain controller so that secure LDAP communication is forced to use SSLv3 or TLSv1 http://social.technet.microsoft.com/Forums/en-US/winserverDS/thread/1cf01f33-9cbe-4b76-b01c-83923c4cda04