Disable SSL 2.0 and PCT 1.0
When a company has gone through an external security check on of the most common failure is that SSL 2.0 and PCT 1.0 are enabled.
Why is this a big deal? What this means is that if a client application tries to connect to your server on one of this older protocols it will be allowed. The protocols are easily broken and therefore not recommended. To disable this do the following.
- Open regedit
- For PCT 1.0 go to:
- HKey_Local_Machine\System\CurrentControlSet\Control\SecurityProviders \SCHANNEL\Protocols\PCT 1.0\Server
- For SSL 2.0
- HKey_Local_Machine\System\CurrentControlSet\Control\SecurityProviders \SCHANNEL\Protocols\SLL 2.0\Server
- Add a value of data type DWORD called ‘Enabled’
- In the binary value set to ‘00000000’ (the equivalent of ‘0’ turning it off)
- Reboot you computer.