How to disable SSL 2.0 in Internet Information Services 7

  • [アーティクル]

Problem
=======
SSL 2.0 is not disabled on Win2k8 server even after applying KB187498.
 

Resolution
==========

1. At a command prompt, enter gpedit.msc. The Group Policy Object Editor appears.
2. Expand Computer Configuration, Administrative Templates, Network, and then click SSL Configuration Settings.
3. Under SSL Configuration Settings, click the SSL Cipher Suite Order setting.
4. In the SSL Cipher Suite Order pane, scroll to the bottom of the pane.
Follow the instructions labeled "How to modify this setting"

How to modify this setting.
-------------------------------
1. Open a blank notepad document.

2. Copy and paste the list of available suites into it.

3. Arrange the suites in the correct order; remove any suites you don't want to use.

4. Place a comma at the end of every suite name except the last. Make sure there are NO embedded spaces.

5. Remove all the line breaks so that the cipher suite names are on a single, long line.

6. Copy the cipher-suite line to the clipboard, then paste it into the edit box. The maximum length is 1023 characaters.

Related Resources
====================
187498 How to disable PCT 1.0, SSL 2.0, SSL 3.0, or TLS 1.0 in Internet Information Services
<https://support.microsoft.com/default.aspx?scid=kb;EN-US;187498>

https://msdn.microsoft.com/en-us/library/bb870930(VS.85).aspx

Comments