Hi there,
We're running a website on a IIS6.0 / Windows2003 SP1 server, with a Thawte
web server certificate installed to enable HTTPS access. Now we want to force
client connections use SSL v3 or SLT 1.0 or SLT 1.1 or better, so we decided
to stop supporting SSL v2 on this server. But we wonder what we have to do to
achive this?
Many thanks in advance!
Ray
I believe this will disable SSLv2; but this is only a registry setting change.
1. Load regedt32.exe from Start->Run
2. Expand System->CurrentControlSet->Control->SecurityProviders->SCHAN NEL
3. Expand the Protocols branch
4. You will then need to expand the SSL2->Server branchs
5. There may or may not be a registry DWORD value called 'Enabled' shown
6. This should have a value of 0 which should disable SSLv2?????
7. If the value does not exist then create a DWORD value called 'Enabled'
with 0 as its value.
Any changes to this value (or its creation) will require a reboot of the
server.
I found this information on a Microsoft KB article although I can not seem
to find it now. Hope this helps.
"Ray Yan" wrote:
> Hi there,
>
> We're running a website on a IIS6.0 / Windows2003 SP1 server, with a Thawte
> web server certificate installed to enable HTTPS access. Now we want to force
> client connections use SSL v3 or SLT 1.0 or SLT 1.1 or better, so we decided
> to stop supporting SSL v2 on this server. But we wonder what we have to do to
> achive this?
>
> Many thanks in advance!
>
> Ray
http://support.microsoft.com/?id=245030
You basically turn off SSLv2 in schannel, which when used through IIS
means that IIS won't accept SSLv2, either.
//David
http://w3-4u.blogspot.com
http://blogs.msdn.com/David.Wang
//
On Apr 27, 7:26 am, Matthew Cavill
> I believe this will disable SSLv2; but this is only a registry setting change.
>
> 1. Load regedt32.exe from Start->Run
> 2. Expand System->CurrentControlSet->Control->SecurityProviders->SCHAN NEL
> 3. Expand the Protocols branch
> 4. You will then need to expand the SSL2->Server branchs
> 5. There may or may not be a registry DWORD value called 'Enabled' shown
> 6. This should have a value of 0 which should disable SSLv2?????
> 7. If the value does not exist then create a DWORD value called 'Enabled'
> with 0 as its value.
>
> Any changes to this value (or its creation) will require a reboot of the
> server.
>
> I found this information on a Microsoft KB article although I can not seem
> to find it now. Hope this helps.
>
>
>
> "Ray Yan" wrote:
> > Hi there,
>
> > We're running a website on a IIS6.0 / Windows2003 SP1 server, with a Thawte
> > web server certificate installed to enable HTTPS access. Now we want to force
> > client connections use SSL v3 or SLT 1.0 or SLT 1.1 or better, so we decided
> > to stop supporting SSL v2 on this server. But we wonder what we have to do to
> > achive this?
>
> > Many thanks in advance!
>
> > Ray- Hide quoted text -
>
> - Show quoted text -