Is SSLv2 disabled on Windows Server 2008 by default

Question

A question has come in about the need to turn off SSLv2 and stop ciphers below 128.

We currently run windows server 2003 so know about the fiddle with the registry to fix that.

We are looking at upgrading / moving our services to Windows Server 2008, but wondered if all of the issues with SSLv2 and SSLv3 have meant that Windows Server 2008 comes with these options turned off?

JMeterX · Accepted Answer · 2013-01-11T16:25:19.727

7

Windows 2008 has SSLv2 and SSLv3 enabled by default. To disable SSLv2 on Windows 2008 you may do the following:

Create a key named Server under: HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0

Create a DWORD value and name it Enabled ensure the value data is 0x0

Keep in mind that this setting only affects services and .exe's that actually use SCHANNEL.dll for SSL

edited Jan 11 '13 at 16:25

answered Jan 11 '13 at 16:19

JMeterX

3,387
15
31

2

+1 for posted faster than me. :P . And for OP, http://support.microsoft.com/default.aspx?scid=kb;EN-US;245030 for more details. – Grumpy Jan 11 '13 at 16:22
1

It seems this is still true for Server 2008R2 and 2012 – Peter Hahndorf Jan 11 '13 at 17:30
has this now gone with 2016 or is this still on by default? – Luke Duddridge Nov 07 '17 at 09:37

Is SSLv2 disabled on Windows Server 2008 by default

1 Answers1