How to disable SSL v2 and v3 on Windows Server 2008

Windows Server 2008 enables SSL v2 and SSL v3 by default. These versions are outdated, weak, and exposed to recent threats, including POODLE. To secure the server and pass PCI compliance checks, you must disable these weak protocol versions and require clients to use TLS 1.0 or greater.

Here’s how to disable SSL v2:

1. Start – Run
2. Type “regedit” and click OK
3. Locate the following key: HKey_Local_Machine\System\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0
4. Right click the “SSL 2.0” key and select Edit > Add key
5. Type “Server” and click Enter
6. Right click Server and select New > Add DWORD (32 bit) value
7. Type “Enabled” as the name and make sure the value is “0”
8. Restart the server

Here’s how to disable SSL v3:

1. Start – Run
2. Type “regedit” and click OK
3. Locate the following key: HKey_Local_Machine\System\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0 (If it doesn’t exist, create it)
4. Right click the “SSL 3.0” key and select Edit > Add key
5. Type “Server” and click Enter
6. Right click Server and select New > Add DWORD (32 bit) value
7. Type “Enabled” as the name and make sure the value is “0”
8. Restart the server
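
The two procedures above can also be scripted so the same change is applied identically on every server. The PowerShell below is an added example, not part of the original post; the function name `Disable-SchannelServerProtocol` is hypothetical, and it assumes an elevated PowerShell session on the server.

```powershell
# Added example: scripts the regedit steps above for SSL 2.0 and SSL 3.0.
# Assumption: run from an elevated PowerShell prompt on the server.
$base = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols'

# Hypothetical helper name; not a built-in cmdlet.
function Disable-SchannelServerProtocol {
    param([string]$Protocol)   # 'SSL 2.0' or 'SSL 3.0'

    $serverKey = Join-Path (Join-Path $base $Protocol) 'Server'

    # Create "<Protocol>\Server" only if it is missing. The protocol key
    # itself is created too, which covers the "if it doesn't exist" case.
    if (-not (Test-Path $serverKey)) {
        New-Item -Path $serverKey -Force | Out-Null
    }

    # Enabled = 0 as a 32-bit DWORD; -Force overwrites an existing value.
    New-ItemProperty -Path $serverKey -Name 'Enabled' -Value 0 `
        -PropertyType DWord -Force | Out-Null

    # Read the value back so a silent failure is visible in the output.
    $current = (Get-ItemProperty -Path $serverKey -Name 'Enabled').Enabled
    New-Object PSObject -Property @{
        Protocol = $Protocol
        Key      = $serverKey
        Enabled  = $current
        Disabled = ($current -eq 0)
    }
}

$results = foreach ($p in 'SSL 2.0', 'SSL 3.0') {
    Disable-SchannelServerProtocol -Protocol $p
}
$results | Format-Table Protocol, Enabled, Disabled, Key -AutoSize

if ($results | Where-Object { -not $_.Disabled }) {
    Write-Warning 'At least one protocol still has Enabled set to a non-zero value.'
} else {
    Write-Host 'Both values are set. Restart the server for the change to take effect.'
}
```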

Comment

  1. Can you use this same procedure to disable SSLv3 on Windows 7 too?

  2. I use GFI LanGuard to scan and report any vulnerabilities on my network. I have a Windows 7 PC where, even after I apply these changes to it too, my LanGuard scan continues to note the SSL v3 vulnerability. Do you have any suggestions?