SSL v3 on Windows 2008
I have a Windows 2008 server on which we want to disable SSL v2. When looking at the registry keys we don't see the SSL 3.0 folder. Does disabling v2 require that you have the SSL 3.0 key?
June 8th, 2009 11:42pm
Hi,
I suggest referring to the following article:
How to disable PCT 1.0, SSL 2.0, SSL 3.0, or TLS 1.0 in Internet Information Services
http://support.microsoft.com/kb/187498/en-us
If SSL 3.0 key does not exist, you can manually create it and disable SSL 3.0 according to the following steps:
1. Click Start, click Run, type regedt32 or type regedit, and then click OK.
2. In Registry Editor, locate the following registry key:
HKey_Local_Machine\System\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols
3. Right-click Protocols, click New, click Key and name it as SSL 3.0.
4. Right-click SSL 3.0, click New, click Key and name it as Server.
5. Right-click Server, click New, click DWORD (32bit) Value and name it as Enabled.
6. Double-click Enabled and make sure its value is 0.
Hope it helps.
Tim Quan - MSFT
June 9th, 2009 6:02am
Hi Tim,
I thought SSL v3.0 is enabled by default in Windows 2008 server.
sainath
windows driver development.
June 9th, 2009 9:53am
I want to enable SSL 3.0 though and disable SSL 2.0. Can I just turn off SSL 2.0, or do I have to create the 3.0 key as well?
June 10th, 2009 4:00pm
Hi there,
Please follow Tim's suggestion to disable SSL 2.0:
HKLM\System\CurrentControlSet\control\securityproviders\schannel\protocols\SSL 2.0\Server
Create a REG_DWORD value named Enabled and set it to 0.
As far as SSL v3.0 is concerned, per my knowledge it is enabled by default.
sainath
windows driver development.
June 10th, 2009 7:28pm
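The registry change described in the two posts above, as an added PowerShell example that is not part of the original thread: it sets Enabled = 0 under SSL 2.0\Server, creating the key when it is missing, and reports the Server state for SSL 2.0 and SSL 3.0 without modifying SSL 3.0. The function names are hypothetical, and the script assumes an elevated prompt.

```powershell
# Added example, not from the thread. Function names are hypothetical.
# Run from an elevated PowerShell prompt on the server.
$protocols = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols'

function Get-SchannelServerState {
    param([string]$Protocol)
    $key = Join-Path $protocols "$Protocol\Server"
    # A missing key or value means Schannel falls back to its built-in default.
    if (-not (Test-Path $key)) { return 'Server key absent (default applies)' }
    $value = (Get-ItemProperty -Path $key -Name Enabled -ErrorAction SilentlyContinue).Enabled
    if ($null -eq $value) { return 'Server key present, no Enabled value (default applies)' }
    if ($value -eq 0) { return 'Enabled = 0 (disabled)' }
    return "Enabled = $value (nonzero, enabled)"
}

function Disable-SchannelServerProtocol {
    param([string]$Protocol)
    $key = Join-Path $protocols "$Protocol\Server"
    # Only create the key when it is missing: New-Item -Force on an existing
    # registry key would recreate it and drop any values already stored there.
    if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
    New-ItemProperty -Path $key -Name Enabled -PropertyType DWord -Value 0 -Force | Out-Null
}

# Report the state before the change.
foreach ($p in 'SSL 2.0', 'SSL 3.0') {
    Write-Output ("Before: {0}\Server -> {1}" -f $p, (Get-SchannelServerState $p))
}

# Disable SSL 2.0 on the server side only; SSL 3.0 is left untouched.
Disable-SchannelServerProtocol 'SSL 2.0'

# Report the state after the change.
foreach ($p in 'SSL 2.0', 'SSL 3.0') {
    Write-Output ("After:  {0}\Server -> {1}" -f $p, (Get-SchannelServerState $p))
}
```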
Excellent thanks guys,
June 10th, 2009 7:49pm
I followed these instructions, but my scanning software still reports SSLv2 is on. I had to create SSL3 entry per instructions. I also found that there was no Server key under SSL 2.0 so I created it and the Enabled dword entry. What is the next step?
January 28th, 2010 4:10am
Did you reboot the server? Any time you change the registry, you must either restart the relevant service or perform a reboot in order for those changes to take effect.
December 28th, 2010 9:34am
Although the answers are correct, from a practical viewpoint there is a more complete answer which worked for me. See Nick Lowther's answer:
Is it possible to disable SSLv2 on a Windows 2008 domain controller so that secure LDAP communication is forced to use SSLv3 or TLSv1
http://social.technet.microsoft.com/Forums/en-US/winserverDS/thread/1cf01f33-9cbe-4b76-b01c-83923c4cda04
March 1st, 2011 4:04am