Search This Blog

Tuesday, 5 July 2011

Disable SSL 2.0 for PCI Compliance

If you need to switch off SSl 2.0 on an ISA Server for a PCI Compliance Scan this is quite simple to do. First you can switch off PCT and then SSL 2.0

Click Start, click Run, type regedt32 or type regedit, and then click OK.
In Registry Editor, locate the following registry key:

HKey_Local_Machine\System\CurrentControlSet\Control\SecurityProviders \SCHANNEL\Protocols\PCT 1.0\Server
On the Edit menu, click Add Value.
In the Data Type list, click DWORD.
In the Value Name box, type Enabled, and then click OK.

Note If this value is present, double-click the value to edit its current value.
Type 00000000 in Binary Editor to set the value of the new key equal to "0".
Click OK. Restart the computer.

Perform the same change for the SSL 2.0 key