(MAKE SURE THAT YOU BACKUP YOUR REGISTRY BEFORE APPLYING THOSE CHANGES)
• Using regedit to add the following keys ( right click on protocols -> new -> key -> "SSL 2.0" then "SSL 3.0" then "TLS 1.0" )
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0
• Under each of the keys above you need to create additional keys "Client" and "Server"
For SSL 2.0:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0\Client
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0\Server
For SSL 3.0:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0\Client
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0\Server
For TLS 1.0:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Client
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Server
• Then you will have to create DWORD (32bit) value called "Enabled" under each "Client" and "Server" key for "SSL 2.0, SSL 3.0 and TLS 1.0"
DWORD (32bit) Value
Value name = Enabled
Value date = 0
Value date can be set to "1" - Enabled or "0" – Disabled
In this scenario the values were "enabled" (set to 1) for SSL 3.0 and TLS 1.0 and "disabled" (set to 0) for SSL 2.0
• Next step is to add correct Ciphers, to do so you will have to navigate to the following key in the registry
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers
(right click on "Cliphers" New -> Key)
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC2 128/128
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC4 128/128
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\Triple DES 168/168
That's all! Now you need to restart your server to apply those changes.