Securing SSL on Windows 2008 R2

To secure SSL on Windows 2008 R2, do the following:

1. Create an empty .reg file.

2. Copy the following content into it:
========================================================================================

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0\Client]
"DisabledByDefault"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0\Server]
"DisabledByDefault"=dword:00000001
"Enabled"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0\Server]
"Enabled"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server]
"Enabled"=dword:00000001
"DisabledByDefault"=dword:00000000

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{6905C2C7-EEAF-4ED4-885E-04E04B9ADC78}Machine\SOFTWARE\Policies\Microsoft\Cryptography\Configuration\SSL\00010002]
"Functions"="TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA256,TLS_RSA_WITH_AES_256_CBC_SHA,TLS_RSA_WITH_3DES_EDE_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P384,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA_P256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA_P384,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA_P256,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA_P384,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256_P256,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256_P256,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384_P384,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384_P384,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA_P256,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA_P384,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA_P256,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA_P384,TLS_DHE_DSS_WITH_AES_128_CBC_SHA256,TLS_DHE_DSS_WITH_AES_128_CBC_SHA,TLS_DHE_DSS_WITH_AES_256_CBC_SHA256,TLS_DHE_DSS_WITH_AES_256_CBC_SHA,TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA,SSL_CK_RC4_128_WITH_MD5,SSL_CK_DES_192_EDE3_CBC_WITH_MD5,TLS_RSA_WITH_NULL_SHA256,TLS_RSA_WITH_NULL_SHA"

========================================================================================

3. Save the file.
4. Run it.
5. Restart the server for changes to take effect.
6. You are done.
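
A read-only check to run after the restart in step 5, added here as an example and not part of the original article: it reads back the Schannel protocol values set by the .reg file and lists any entries in the applied cipher suite order that use NULL encryption, RC4, MD5, DES/3DES or SSL 2.0 (SSL_CK_) suites. It assumes PowerShell 2.0 or later and that the cipher order policy is applied under HKLM\SOFTWARE\Policies\Microsoft\Cryptography\Configuration\SSL\00010002; the function names are illustrative.

```powershell
# Added example: read-only verification of the Schannel settings from the .reg file.
# Written for PowerShell 2.0, the version shipped with Windows Server 2008 R2.

$protocolsKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols'
# Assumption: the "SSL Cipher Suite Order" policy is applied at this machine-wide key.
$cipherPolicyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Cryptography\Configuration\SSL\00010002'

# Hypothetical helper: returns Enabled / DisabledByDefault for one protocol and role.
function Get-SchannelProtocolState {
    param([string]$Protocol, [string]$Role)
    $path = "$protocolsKey\$Protocol\$Role"
    $state = New-Object PSObject -Property @{
        Protocol = $Protocol; Role = $Role
        Enabled = 'not set'; DisabledByDefault = 'not set'
    }
    if (Test-Path $path) {
        $values = Get-ItemProperty -Path $path
        foreach ($name in 'Enabled', 'DisabledByDefault') {
            if ($values.PSObject.Properties[$name]) { $state.$name = $values.$name }
        }
    }
    $state
}

# Hypothetical helper: returns suites from a comma-separated "Functions" value that
# offer no encryption (NULL) or rely on RC4, MD5, DES/3DES or SSL 2.0 (SSL_CK_).
function Get-WeakCipherSuite {
    param([string]$Functions)
    $weak = 'NULL|RC4|MD5|DES|^SSL_CK_'
    $Functions -split ',' | ForEach-Object { $_.Trim() } |
        Where-Object { $_ -and ($_ -match $weak) }
}

# The protocol/role pairs that the .reg file configures.
$checks = @(
    @('SSL 2.0', 'Client'), @('SSL 2.0', 'Server'),
    @('SSL 3.0', 'Server'), @('TLS 1.2', 'Server')
)
$checks | ForEach-Object { Get-SchannelProtocolState $_[0] $_[1] } |
    Format-Table Protocol, Role, Enabled, DisabledByDefault -AutoSize

if (Test-Path $cipherPolicyKey) {
    # -join handles the value being stored as either REG_SZ or REG_MULTI_SZ.
    $order = @((Get-ItemProperty -Path $cipherPolicyKey).Functions) -join ','
    Get-WeakCipherSuite $order | ForEach-Object { "Weak suite in policy order: $_" }
} else {
    'No cipher suite order policy found under HKLM.'
}
```

Per the .reg file above, the expected readback is SSL 2.0 Client DisabledByDefault 1; SSL 2.0 Server Enabled 0 and DisabledByDefault 1; SSL 3.0 Server Enabled 0; TLS 1.2 Server Enabled 1 and DisabledByDefault 0.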
