7.2 Ensure SSLv2 is disabled

Information

This protocol is not considered cryptographically secure. Disabling it is recommended. This protocol is disabled by default if the registry key is not present. A reboot is required for these changes to be reflected.

Disabling weak protocols will help ensure the confidentiality and integrity of in-transit data.

Solution

Perform the following to disable SSL 2.0:
1. If the following key is not present, SSL 2.0 is disabled. You can delete the key to disable
the protocol. If you delete the key, steps 2 and 3 are not necessary.
HKLM\System\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0
2. If the key exists, set it to 0.
HKLM\System\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0\Server\Enabled

See Also

https://workbench.cisecurity.org/files/165

Item Details

Category: SYSTEM AND COMMUNICATIONS PROTECTION

References: 800-53|SC-13, CSCv6|9.1

Plugin: Windows

Control ID: 3d9e3752d25e7b1abd8b2dfbb170b3578a4772de561537ca68dea37966fd08b0