RMTWeb

Setting up Windows Server 2008 to use only SSL 3.0 and TLS 1.0 and disable SSL 2.0

As part of a recent penetration test it was identified that our server was allowing SSL 2.0, which the testers listed as insecure. We were required to move to SSL 3.0 or TLS 1.0 and disable SSL 2.0. You would think that Microsoft would make this easy; however, it took several days to find out how to do this, as all of the other articles out there were very confusing, so here is a step-by-step guide.

This guide uses the Windows Registry, so make sure you back up the registry before you start. I have only performed this on Windows Server 2008 Standard Edition, Windows Server 2008 Partner Edition and Windows Server 2008 Enterprise Edition (all 64-bit). I accept no responsibility if this goes wrong; however, from experience there are no adverse effects even if you stop half way through making the changes, because Schannel only reads these keys at start-up and nothing takes effect until the server is rebooted.

How the keys work: under each protocol key there is a Client sub-key and a Server sub-key. In each, a DWORD named Enabled set to 0 switches that protocol off for that role; if Enabled is absent or non-zero the protocol stays on, which is why a fresh Server 2008 still offers SSL 2.0. DisabledByDefault only controls whether the protocol is used when an application does not ask for specific protocols, so it is not enough on its own. (Note that SSL 3.0 was itself shown to be insecure by the POODLE attack in 2014, so a current build should disable it as well and keep only TLS.)

1. Open Regedit.
2. Browse to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0. You will find two sub-keys in this key called Client and Server.
3. Click on the Client sub-key. You will see one item, DisabledByDefault (REG_DWORD) with a value of 1.
4. Create a new DWORD (32-bit) Value, name it Enabled and set the value to 0 (a newly created DWORD is 0 anyway, so no further edit is needed).
5. Click on the Server sub-key.
6. Create a new DWORD (32-bit) Value, name it Enabled and set the value to 0 (again, 0 is what a new DWORD starts at).
7. Right-click on the Protocols key and choose New > Key
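The same registry change done from PowerShell, as an added example that is not part of the original post. It assumes PowerShell 2.0 or later is installed on the Server 2008 box (not present on 2008 RTM by default; included in R2) and that it is run from an elevated prompt; the function names Set-SchannelProtocol and Get-SchannelProtocolState are this example's own. It generalizes the Regedit steps above to any protocol key under Protocols, so the same function also creates the SSL 3.0 and TLS 1.0 keys that the title's "SSL 3.0 and TLS 1.0 only" target needs, and it reads the values back so you can confirm what Schannel will see after the reboot.

```powershell
# Added example, not from the original post. Writes the Enabled/DisabledByDefault DWORDs
# under HKLM\...\SCHANNEL\Protocols\<Protocol>\{Client,Server}, exactly the values the
# Regedit walkthrough above creates by hand. Requires an elevated prompt and a reboot
# before Schannel picks the change up (assumption: PowerShell 2.0+ is installed).

$schannelProtocols = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols'

function Set-SchannelProtocol {
    param(
        [Parameter(Mandatory = $true)][string]$Protocol,   # e.g. 'SSL 2.0', 'SSL 3.0', 'TLS 1.0'
        [Parameter(Mandatory = $true)][bool]$Enabled
    )
    foreach ($role in 'Client', 'Server') {
        $path = Join-Path (Join-Path $schannelProtocols $Protocol) $role
        # New-Item -Force creates the protocol key and the role sub-key when they are missing.
        # The SSL 2.0 keys already exist on Server 2008; SSL 3.0 / TLS 1.0 must be created,
        # which is what the "New > Key" step on the Protocols key does in Regedit.
        if (-not (Test-Path $path)) { New-Item -Path $path -Force | Out-Null }
        # Enabled = 0 switches the protocol off for this role; a missing or non-zero value leaves it on.
        $enabledValue = if ($Enabled) { 1 } else { 0 }
        New-ItemProperty -Path $path -Name 'Enabled' -Value $enabledValue `
            -PropertyType DWord -Force | Out-Null
        # DisabledByDefault mirrors Enabled so callers that do not name a protocol also skip it.
        New-ItemProperty -Path $path -Name 'DisabledByDefault' -Value (1 - $enabledValue) `
            -PropertyType DWord -Force | Out-Null
    }
}

function Get-SchannelProtocolState {
    param([Parameter(Mandatory = $true)][string]$Protocol)
    foreach ($role in 'Client', 'Server') {
        $path = Join-Path (Join-Path $schannelProtocols $Protocol) $role
        $enabled = $null
        $disabledByDefault = $null
        if (Test-Path $path) {
            $props = Get-ItemProperty -Path $path
            $enabled = $props.Enabled
            $disabledByDefault = $props.DisabledByDefault
        }
        # Schannel treats a missing Enabled value as "on", so only an explicit 0 counts as disabled.
        $effective = if ($enabled -eq 0) { 'disabled' } else { 'enabled' }
        New-Object PSObject -Property @{
            Protocol          = $Protocol
            Role              = $role
            Enabled           = $enabled
            DisabledByDefault = $disabledByDefault
            Effective         = $effective
        }
    }
}

# Apply the post's change: SSL 2.0 off for both roles, SSL 3.0 and TLS 1.0 on.
Set-SchannelProtocol -Protocol 'SSL 2.0' -Enabled $false
Set-SchannelProtocol -Protocol 'SSL 3.0' -Enabled $true   # enabled only because the post targets it; POODLE (2014) broke SSL 3.0 too
Set-SchannelProtocol -Protocol 'TLS 1.0' -Enabled $true

# Read the keys back and show what Schannel will use after the reboot.
'SSL 2.0', 'SSL 3.0', 'TLS 1.0' |
    ForEach-Object { Get-SchannelProtocolState -Protocol $_ } |
    Format-Table Protocol, Role, Enabled, DisabledByDefault, Effective -AutoSize
```

After the reboot, confirm the result from another host rather than trusting the registry alone: `openssl s_client -connect <server>:443 -ssl2` must fail to handshake (this needs an old OpenSSL build that still carries SSLv2), or run `nmap --script ssl-enum-ciphers -p 443 <server>` and check that SSLv2 no longer appears in the list of offered protocols. Setting DisabledByDefault without Enabled = 0 is the classic mistake here; the script writes both so a client that explicitly asks for SSL 2.0 is refused as well.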