A question has come in about the need to turn off SSLv2 and stop ciphers below 128.
We currently run windows server 2003 so know about the fiddle with the registry to fix that.
We are looking at upgrading / moving our services to Windows Server 2008, but wondered if all of the issues with SSLv2 and SSLv3 have meant that Windows Server 2008 comes with these options turned off?
Best Answer
Windows 2008 has SSLv2 and SSLv3 enabled by default. To disable SSLv2 on Windows 2008 you may do the following:
Create a key named
Server
under:HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0
Create a
DWORD
value and name itEnabled
ensure the value data is0x0
Keep in mind that this setting only affects services and .exe's that actually use SCHANNEL.dll for SSL