Disable SSL 2.0 and PCT 1.0 on IIS

With the release of the new PCI DSS requirements, which forbid the use of SSL 2.0 and PCT 1.0 for online transactions, these two protocols must be disabled on all websites that handle the transfer of sensitive financial information, so that a user cannot inadvertently use them. To simplify the process, I wrote this simple batch script.

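@echo off
cls
REM Sets Enabled=0 on the SCHANNEL "Server" key for SSL 2.0 and PCT 1.0.
REM Run from an administrator command prompt; the values live under HKLM.
echo.
echo Disable SSL-2.0 PCT-1.0.bat
echo Copyright TourTech Systems, Inc. All rights reserved.
echo.
echo *** Disabling SSL 2.0...
REM REG QUERY returns errorlevel 1 when the key does not exist.
REM In that case the REG ADD below is skipped and nothing is written.
REG QUERY "HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0\Server"
if %errorlevel%==1 goto sslDone
REG ADD "HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0\Server" /v Enabled /t REG_DWORD /d 0 /f
:sslDone
echo.
echo *** Disabling PCT 1.0...
REM Same check for PCT 1.0: a missing key means no change is made.
REG QUERY "HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\PCT 1.0\Server"
if %errorlevel%==1 goto pctDone
REG ADD "HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\PCT 1.0\Server" /v Enabled /t REG_DWORD /d 0 /f
:pctDone
echo.
:done
REM The new values take effect only after the server is restarted.
echo *** Script Complete - RESTART REQUIRED
echo.
pause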

In addition, I have compiled the batch file into a nice little exe file available for download. It does not get much easier than this file.
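
To confirm what the script actually wrote, the following read-only PowerShell check (an added example, not part of the original script or download) reports the Enabled value under both protocol keys. It separates a key that is absent, which the batch script leaves untouched, from one explicitly set to 0. The function name Get-SchannelServerState and the state labels are assumptions of this example.

```powershell
# Added example: audit the SCHANNEL values that the batch script sets.
# Read-only. Run on the IIS server, ideally after the required restart.
$base = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols'

# Hypothetical helper name; returns one object per protocol.
function Get-SchannelServerState {
    param([Parameter(Mandatory = $true)][string]$Protocol)

    $key   = Join-Path $base "$Protocol\Server"
    $state = 'KeyMissing'      # the batch script skips REG ADD in this case
    $value = $null

    if (Test-Path -LiteralPath $key) {
        # Key exists, but the Enabled value may still be absent.
        $item = Get-ItemProperty -LiteralPath $key -Name Enabled -ErrorAction SilentlyContinue
        if ($null -ne $item) {
            $value = $item.Enabled
            # The script writes REG_DWORD 0; any other value is not a disable.
            $state = if ($value -eq 0) { 'Disabled' } else { 'Enabled' }
        } else {
            $state = 'ValueMissing'
        }
    }

    New-Object PSObject -Property @{
        Protocol = $Protocol
        State    = $state
        Enabled  = $value
        Key      = $key
    } | Select-Object Protocol, State, Enabled, Key
}

$results = 'SSL 2.0', 'PCT 1.0' | ForEach-Object { Get-SchannelServerState -Protocol $_ }
$results | Format-Table -AutoSize

# Anything other than an explicit Enabled=0 needs a closer look.
$open = @($results | Where-Object { $_.State -ne 'Disabled' })
if ($open.Count -gt 0) {
    $names = ($open | ForEach-Object { $_.Protocol }) -join ', '
    Write-Warning "No explicit Enabled=0 found for: $names"
}
```

A KeyMissing or ValueMissing result means no explicit setting exists for that protocol, so the operating system default applies.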

Requirements:

  • Applies to IIS 3.0 through IIS 7.0

Sources:

Attachment                 Size
Disable SSLv2 PCTv1.zip    15.68 KB