How to Disable SSL 2.0 in IIS 7

For some reason, Windows Server 2008 using IIS 7 allows SSL 2.0 by default. Unfortunately, this means you will fail a PCI Compliance audit by default. In order to disable SSL 2.0 in IIS 7 and make sure that the stronger SSL 3.0 or TLS 1.0 is used, follow these instructions:


  • Click Start, click Run, type regedit, and then click OK.
  • In Registry Editor, locate the following registry key/folder: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0
  • Right-click on the SSL 2.0 folder and select New and then click Key. Name the new folder Server.
  • Inside the Server folder, click the Edit menu, select New, and click DWORD (32-bit) Value.
  • Enter Enabled as the name and hit Enter.
  • Ensure that it shows 0x00000000 (0) under the Data column (it should by default). If it doesn’t, right-click and select Modify and enter 0 as the Value data.
  • Restart the computer.
  • Verify that no SSL 2.0 ciphers are available at //www.serversniff.net/content.php?do=ssl
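The same registry change, scripted in PowerShell rather than clicked through regedit (an added example, not part of the original article); it assumes an elevated session on the server and writes only the Server\Enabled value the steps above describe, then reads it back before the reboot.

```powershell
# Added example (not from the original article): create the SSL 2.0\Server key and set
# Enabled = 0 so SCHANNEL stops offering SSL 2.0 on the server side. Run as Administrator.
$sslv2Server = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0\Server'

# Create the SSL 2.0 and Server keys if they do not exist yet
# (-Force lets New-Item create the intermediate key as well).
if (-not (Test-Path -Path $sslv2Server)) {
    New-Item -Path $sslv2Server -Force | Out-Null
}

# REG_DWORD Enabled = 0 is the setting the manual steps above end up with.
New-ItemProperty -Path $sslv2Server -Name 'Enabled' -PropertyType DWord -Value 0 -Force | Out-Null

# Read the value back so the result can be checked before restarting;
# SCHANNEL only picks up the change after a reboot.
$enabled = (Get-ItemProperty -Path $sslv2Server -Name 'Enabled').Enabled
if ($enabled -eq 0) {
    Write-Output 'SSL 2.0 Server\Enabled is 0 (0x00000000); restart the server to apply it.'
} else {
    Write-Warning "Unexpected value for Enabled: $enabled"
}
```

After the reboot, the external check in the last step above is still the real confirmation, since the registry value alone does not prove what the listener negotiates.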