Removing SSL2 support from your secure sites

Modern browsers will attempt to negotiate the highest possible version of SLL, however a Man in the middle attack may try to downgrade your connection to the weakest protocol, making you site vulnerable.

By adding the reg keys below, support for SSL2 will be removed from IIS

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0\Client]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0\Server]

You can then test the security of your site by using SSL Labs, hopefully it looks something like below.

SSL Labs Report Card

Note: You should always back up your registry before making any changes, the author does not accept any responsibility for system or data loss.