How to disable PCT 1.0, SSL 2.0, SSL 3.0, or TLS 1.0 in Internet Information Services


http://support.microsoft.com/default.aspx?scid=kb;en-us;187498

This information is stored in the following registry key:

HKey_Local_Machine\System\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols

Typically, this key contains the following subkeys:
* PCT 1.0
* SSL 2.0
* SSL 3.0
* TLS 1.0

Each subkey holds the settings for the protocol it is named after. Any
one of these protocols can be disabled at the server. To do this, you
create a new DWORD value named Enabled in the Server subkey of the
protocol and set it to “00 00 00 00.”

Note: By default, PCT is not enabled on Microsoft Windows Server 2003.

To disable the PCT 1.0 protocol so that IIS does not try to negotiate
using the PCT 1.0 protocol, follow these steps:

Warning: Serious problems might occur if you modify the registry
incorrectly by using Registry Editor or by using another method. These
problems might require that you reinstall your operating system.
Microsoft cannot guarantee that these problems can be solved. Modify the
registry at your own risk.

For information about how to modify the registry, see the “Changing keys
and values” Help topic in Registry Editor. Also see the “Add and delete
information in the registry” Help topic and the “Edit registry data”
Help topic in Registry Editor.

1. Click Start, click Run, type regedt32 or type regedit, and then
   click OK.
2. In Registry Editor, locate the following registry key:

   HKey_Local_Machine\System\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\PCT 1.0\Server

3. On the Edit menu, click Add Value.
4. In the Data Type list, click DWORD.
5. In the Value Name box, type Enabled, and then click OK.

   Note: If this value is present, double-click the value to edit its
   current value.

6. Type 00000000 in Binary Editor to set the value of the new key
   equal to “0”.
7. Click OK. Restart the computer.
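
The same change can be scripted. The following PowerShell is an added example, not part of the Microsoft article; it generalizes the PCT 1.0 steps above to all four protocol subkeys listed earlier, and the function names Get-SchannelServerState and Disable-SchannelServerProtocol are hypothetical helpers defined here.

```powershell
# Added example: not from the original KB article.
# Run from an elevated PowerShell prompt; a restart is still required afterwards.
$base = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols'
$protocols = 'PCT 1.0', 'SSL 2.0', 'SSL 3.0', 'TLS 1.0'   # subkeys named in the article

# Hypothetical helper: report what the Server subkey currently says.
function Get-SchannelServerState {
    param([string]$Protocol)
    $path = Join-Path $base "$Protocol\Server"
    $prop = Get-ItemProperty -Path $path -Name Enabled -ErrorAction SilentlyContinue
    if ($null -eq $prop) { 'not set (OS default applies)' }
    elseif ($prop.Enabled -eq 0) { 'disabled' }
    else { "enabled (Enabled=$($prop.Enabled))" }
}

# Hypothetical helper: write Enabled = 0 (DWORD) under <protocol>\Server.
function Disable-SchannelServerProtocol {
    [CmdletBinding(SupportsShouldProcess)]
    param([Parameter(Mandatory)][string[]]$Protocol)
    foreach ($p in $Protocol) {
        $path = Join-Path $base "$p\Server"
        $before = Get-SchannelServerState -Protocol $p
        if ($PSCmdlet.ShouldProcess($path, 'Set Enabled = 0 (DWORD)')) {
            # Create the Server subkey only if it is missing, leaving an
            # existing key and its values untouched.
            if (-not (Test-Path -Path $path)) { New-Item -Path $path -Force | Out-Null }
            # -Force overwrites an existing Enabled value (the "value is present" case).
            New-ItemProperty -Path $path -Name Enabled -PropertyType DWord -Value 0 -Force | Out-Null
        }
        # One row per protocol so the change can be logged or reviewed.
        [pscustomobject]@{
            Protocol = $p
            Before   = $before
            After    = Get-SchannelServerState -Protocol $p
        }
    }
}

# Preview the changes first; remove -WhatIf to apply them.
Disable-SchannelServerProtocol -Protocol $protocols -WhatIf
```

With -WhatIf nothing is written, so the Before and After columns match; after a real run, every row should read "disabled" in the After column.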