7.2 Ensure SSLv2 is disabled

Information

This protocol is not considered cryptographically secure. Disabling it is recommended. This protocol is disabled by default if the registry key is not present. A reboot is required for these changes to be reflected.

Rationale:

Disabling weak protocols will help ensure the confidentiality and integrity of in-transit data.

Solution

Perform the following to disable SSL 2.0:
1. If the following key is not present, SSL 2.0 is disabled. You can delete the key to disable the protocol. If you delete the key, steps 2 and 3 are not necessary.

HKLM\System\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0

If the key exists, set it to 0.

HKLM\System\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0\Server\Enabled

Default Value:

Enabled

See Also

https://workbench.cisecurity.org/benchmarks/14293

Item Details

Category: SYSTEM AND COMMUNICATIONS PROTECTION

References: 800-53|SC-13

Plugin: Windows

Control ID: 77000994ba6836f86c29e2b1f31e8fbb80d682032203124d121952d325b955f0