How to disable SSL 2.0 and weak ciphers

On October 8, 2010, in Infrastructure, by Chris

This week a local customer requested some help on becoming PCI compliant in order to take credit card transactions through their website. In order to become PCI compliant there are guidelines around security that need to be met, specifically disabling SSL 2.0 and weak ciphers due to the vulnerabilities they introduce.

Before you begin, I recommend looking into an approved  PCI compliance scanning service. I can personally vouch that SecurityMetrics.com is a great, easy to use service that will give a detailed report on any security risks that prevent you from meeting the guidelines of PCI compliance.

There are really only 3 steps that need to be completed:

  1. Modify the following registry key to disable SSL 2.0  “HKey_Local_Machine\System\CurrentControlSet\Control\SecurityProviders \SCHANNEL\Protocols\SSL 2.0\Server” add a DWORD with the name of “Enabled” and a value of 00 00 00 00 (means false)
  2. Modify the following registry key for each cipher less than 128 bit  “HKey_Local_Machine\System\CurrentControlSet\Control\SecurityProviders \SCHANNEL\Ciphers” add a DWORD with the name of “Enabled” and a value of 00 00 00 00 (means false)
  3. RESTART
Tagged with:  

Leave a Reply