LeaderSSL Support: offline:
Mo - Fr 9:00 - 18:00 CET time
  1. Help
  2. How to disable PCT 1.0, SSL 2.0, SSL 3.0, or TLS 1.0 in Internet Information Services

You ask — we answer!

How to disable PCT 1.0, SSL 2.0, SSL 3.0, or TLS 1.0 in Internet Information Services

You can use HTTPS to connect to either of the following:

  • Microsoft Internet Information Server (IIS) versions 3.0 and later versions
  • Microsoft Internet Information Services (IIS) 5.0 and later versions

When you do this, the client and the server negotiate a common protocol to help secure the channel. If the server and the client have multiple protocols in common, IIS tries to help secure the channel with one of the protocols that IIS supports. The protocol that IIS uses is selected in the following order of preference:

  • PCT 1.0
  • SSL 3.0
  • SSL 2.0

Sometimes, you may want to disable one or more of these protocols. You can do this if you change the registry.

Отключение SSL 2.0:

Note In Windows® Server 2008, PCT 1.0 is not a configurable option, and you do not have to restart the server.

Microsoft Windows® NT Server stores information about different security-enhanced channel protocols that Windows® NT Server supports. This information is stored in the following registry key:

HKey_Local_Machine\System\CurrentControlSet\Control\SecurityProviders \SCHANNEL\Protocols

Typically, this key contains the following subkeys:

  • PCT 1.0
  • SSL 3.0
  • SSL 2.0
  • TLS 1.0

Each key holds information about the protocol for the key. Any one of these protocols can be disabled at the server. To do this, you create a new DWORD value in the server subkey of the protocol. You set the DWORD value to "00 00 00 00."

Note By default, PCT is not enabled on Microsoft Windows® Server 2003.

Important This section, method, or task contains steps that tell you how to modify the registry. However, serious problems might occur if you modify the registry incorrectly. Therefore, make sure that you follow these steps carefully. For added protection, back up the registry before you modify it. Then, you can restore the registry if a problem occurs.

To disable the PCT 1.0 protocol so that IIS does not try to negotiate using the PCT 1.0 protocol, follow these steps:

1.Click Start, click Run, type regedt32 or type regedit, and then click OK.

2.In Registry Editor, locate the following registry key:

HKey_Local_Machine\System\CurrentControlSet\Control\SecurityProviders \SCHANNEL\Protocols\PCT 1.0\Server

3.On the Edit menu, click Add Value.

4.In the Data Type list, click DWORD.

5.In the Value Name box, type Enabled, and then click OK.

Note If this value is present, double-click the value to edit its current value.

6.Type 00000000 in Binary Editor to set the value of the new key equal to "0".

7.Click OK. Restart the computer.


Still have questions? Write to us!

I Accept

By clicking «I Accept» you confirm that you have read and accepted the website Terms and Conditions, Privacy Policy, and Moneyback Policy.

>