How to turn off Weak SSL Ciphers on IIS

By Akbar

With growing security concerns for websites, it is now recommended not to use weak ciphers or ciphers with no encryption at all. Unfortunately, these weak ciphers are enabled by default in most IIS versions.

If you don’t want to support SSL ciphers that offer either weak encryption or no encryption at all, you can easily turn them off by modifying the corresponding registry entries under the following path:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers

Basically, to fix this security warning, you should disable SSLv2 and any SSL ciphers with less than 128-bit encryption.
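
The following PowerShell script is an added example, not code from the original post or from the linked articles. It reports the current state of SSLv2 and the NULL and sub-128-bit cipher entries under the SCHANNEL key and, when run with -Apply, sets Enabled to 0 for each. It assumes the standard SCHANNEL subkey names documented by Microsoft; the -Apply switch and the function names are this example's own.

```powershell
# Added example, not from the original post. Run from an elevated prompt.
# Without -Apply it only reports; with -Apply it writes Enabled = 0 (DWORD).
param([switch]$Apply)   # -Apply is this example's own switch name

$schannel = 'SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL'

# NULL and sub-128-bit cipher subkeys, plus the server side of SSL 2.0.
$targets = @(
    'Ciphers\NULL',
    'Ciphers\DES 56/56',
    'Ciphers\RC2 40/128',
    'Ciphers\RC2 56/128',
    'Ciphers\RC4 40/128',
    'Ciphers\RC4 56/128',
    'Ciphers\RC4 64/128',
    'Protocols\SSL 2.0\Server'
)

# The .NET registry API is used because cipher names contain '/', which the
# PowerShell registry provider would treat as a path separator.
$hklm = [Microsoft.Win32.Registry]::LocalMachine

function Get-SchannelState([string]$SubKey) {
    $key = $hklm.OpenSubKey("$schannel\$SubKey")
    if ($null -eq $key) { return 'not set (OS default applies)' }
    try {
        $enabled = $key.GetValue('Enabled')
        if ($null -eq $enabled) { return 'not set (OS default applies)' }
        if ($enabled -eq 0)     { return 'disabled' }
        return 'enabled'
    } finally { $key.Close() }
}

function Disable-SchannelItem([string]$SubKey) {
    # CreateSubKey opens the key if it exists and creates missing parents.
    $key = $hklm.CreateSubKey("$schannel\$SubKey")
    try {
        $key.SetValue('Enabled', 0, [Microsoft.Win32.RegistryValueKind]::DWord)
    } finally { $key.Close() }
}

foreach ($t in $targets) {
    $before = Get-SchannelState $t
    if ($Apply -and $before -ne 'disabled') { Disable-SchannelItem $t }
    [pscustomobject]@{ Item = $t; Before = $before; After = Get-SchannelState $t }
}

if ($Apply) { Write-Warning 'Restart the server for the SCHANNEL changes to take effect.' }
```

Export the SCHANNEL key with reg export before running with -Apply so the previous state can be restored.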

The following link discusses the steps you need to perform:
http://blog.techstacks.com/2008/10/iis-disabling-sslv2-and-weak-ciphers.html

If you want more info or details, please check the following link:
http://support.microsoft.com/kb/187498

As it’s a risky task, I recommend that you first try it on a test machine.

Good luck and be careful when editing registry entries.