Disabling the SSLv2 or SSLv3
To disable SSLv2 and SSLv3 ensure the following settings are enabled in the registry. If the registry key is not present, then create the registry key manually:
-
Ensure key
DisabledByDefault
is equal to 1HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0\Server\DisabledByDefault
. -
Ensure key
Enabled
is equal to 0HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0\Server\Enabled
. -
Ensure key
DisabledByDefault
is equal to 1HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0\Server\DisabledByDefault
. -
Ensure key
Enabled
is equal to 0HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0\Server\Enabled
.