We strongly recommend that all users upgrade to Microsoft Internet Information Services (IIS) version 7.0 running on Microsoft Windows Server 2008. IIS 7.0 significantly increases Web infrastructure security. For more information about IIS security-related topics, visit the following Microsoft Web site:
You can use HTTPS to connect to either of the following:
Microsoft Internet Information Server (IIS) versions 3.0 and later versions
Microsoft Internet Information Services (IIS) 5.0 and later versions
When you do this, the client and the server negotiate a common protocol to help secure thechannel. If the server and the client have multiple protocols incommon, IIS tries to help secure thechannel with one of the protocols that IIS supports. The protocol that IIS uses is selected in the following order ofpreference:
Sometimes, you may want to disable one or more of these protocols. You can do this if you change the registry.
Note In Windows Server 2008, PCT 1.0 is not a configurable option, and you do not have to restart the server.
Microsoft Windows NT Server stores information about differentsecurity-enhanced channel protocols that Windows NT Server supports. This information is stored in the following registry key:
Typically, this key contains the following subkeys:
Each key holds information about the protocol for the key. Any one ofthese protocols can be disabled at the server. To do this, you create a new
value in the server subkey of the protocol. You set the
value to "00 00 00 00."
Note By default, PCT is not enabled on Microsoft Windows Server 2003.
Important This section, method, or task contains steps that tell you how to modify the registry. However, serious problems might occur if you modify the registry incorrectly. Therefore, make sure that you follow these steps carefully. For added protection, back up the registry before you modify it. Then, you can restore the registry if a problem occurs. For more information about how to back up and restore the registry, click the following article number to view the article in the Microsoft Knowledge Base:
322756 How to back up and restore the registry in Windows
For information about how to modify the registry, see the "Changing keysand values" Help topic in Registry Editor. Also see the "Add anddelete information in the registry" Help topic and the "Edit registry data" Help topicin Registry Editor. To disable the PCT 1.0 protocol sothat IIS does not try to negotiate using the PCT 1.0 protocol, follow these steps:
Click Start, click Run, type regedt32 or type regedit, and then click OK.
In Registry Editor, locate the following registry key: