in IIS, Security, Windows

How to disable SSL v2 / enable SSL v3 on Windows 2008

SSL v2 is weak and outdated protocol. All modern browsers support SSL v3 and it’s enabled by default on Windows 2008 (IIS 7 / IIS 7.5). To make sure all clients are using SSL v3 we must disable SSL v2. This is required for PCI compliance.

This is what needs to be done to disable SSL v2:

1. Start – Run
2. Type “regedit” and click OK
3. Locate the following key: HKey_Local_Machine\System\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0
4. Right click the “SSL 2.0” key and select Edit > Add key
5. Type “Server” and click Enter
6. Right click Server and select New > Add DWORD (32 bit) value
7. Type “Enabled” as the name and make sure the value is “0”
8. Restart the server

Write a Comment


  1. SSL 3.0 is enabled by default so no key is required unless you want to disable it.