Select the product you need help with
- Internet Explorer
- Windows Phone
- More products
How to disable PCT 1.0, SSL 2.0, SSL 3.0, or TLS 1.0 in Internet Information Services
Article ID: 187498 - View products that this article applies to.
This article was previously published under Q187498
We strongly recommend that all users upgrade to Microsoft Internet Information Services (IIS) version 7.0 running on Microsoft Windows Server 2008. IIS 7.0 significantly increases Web infrastructure security. For more information about IIS security-related topics, visit the following Microsoft Web site:
http://www.microsoft.com/technet/security/prodtech/IIS.mspxFor more information about IIS 7.0, visit the following Microsoft Web site:
You can use HTTPS to connect to either of the following:
Note In Windows Server 2008, PCT 1.0 is not a configurable option, and you do not have to restart the server.
Microsoft Windows NT Server stores information about different security-enhanced channel protocols that Windows NT Server supports. This information is stored in the following registry key:
Typically, this key contains the following subkeys:
DWORDvalue in the server subkey of the protocol. You set the
DWORDvalue to "00 00 00 00."
Note By default, PCT is not enabled on Microsoft Windows Server 2003.
Important This section, method, or task contains steps that tell you how to modify the registry. However, serious problems might occur if you modify the registry incorrectly. Therefore, make sure that you follow these steps carefully. For added protection, back up the registry before you modify it. Then, you can restore the registry if a problem occurs. For more information about how to back up and restore the registry, click the following article number to view the article in the Microsoft Knowledge Base:
(http://support.microsoft.com/kb/322756/ )How to back up and restore the registry in Windows
For information about how to modify the registry, see the "Changing keys and values" Help topic in Registry Editor. Also see the "Add and delete information in the registry" Help topic and the "Edit registry data" Help topic in Registry Editor.
To have us disable PCT 1.0, SSL 2.0, SSL 3.0, or TLS 1.0 for you, go to the "Fix it for me" section. If you prefer to fix this problem yourself, go to the "Let me fix it myself" section.
Fix it for me
To fix this problem automatically, click the Fix it button or link. Click Run in the File Download dialog box, and follow the steps in the Fix it wizard.
Fix this problem
Microsoft Fix it 50495
Then, go to the "Did this fix the problem?" section.
Let me fix it myself
To disable the PCT 1.0 protocol so that IIS does not try to negotiate using the PCT 1.0 protocol, follow these steps:
Did this fix the problem?
For more information, click the following article number to view the article in the Microsoft Knowledge Base:
(http://support.microsoft.com/kb/245030/ )How to restrict the use of certain cryptographic algorithms and protocols in Schannel.dll
Article ID: 187498 - Last Review: September 2, 2010 - Revision: 11.0