01 August 2012

Enable SSL 3.0 on Server 2008 SBS and SBS 2011

Most people who are running Server 2008 SBS and try to use the SSL 3.0 protocol on it may have gotten a little frustrated, because the server doesn't understand anything connected to this protocol. The server will connect with the protocol, but first you need to do some configuration in the registry. Make sure you are signed in as the domain Administrator on the server and do the following:
  1. Make a backup of the Registry (Just in case you need to restore the registry)
  2. Open "regedit" and add 3 new keys (SSL 2.0, SSL 3.0, and TLS 1.0)
    1. The key path for SSL 2.0 is as follows: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0
    2. The key path for SSL 3.0 is as follows: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0
    3. The key path for TLS is as follows: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0
  3. Once the protocol keys are made, go in under each protocol key and create Client and Server keys. (The path for these is the same as above, with "\Client" or "\Server" added at the end.)
  4. Next you have to go into the Client and Server keys and create a DWORD (32-bit) value called "Enabled" for SSL 2.0, SSL 3.0, and TLS 1.0.
    1. Some general information for this is as follows: DWORD (32-bit) Value; Value name = Enabled; Value data = 0. Value data can be set to "1" (Enabled) or "0" (Disabled).
  5. The next step is to set up some ciphers by going to the following key in the registry: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers.
  6. Once in the Ciphers key section you are gonna make 3 cipher keys. To do this, right click on "Ciphers", "New", "Key" and make sure the following is in the key:
    1. For the first cipher put in the following: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC2 128/128
    2. For the 2nd cipher put in the following: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC4 128/128
    3. For the 3rd cipher put in the following: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\Triple DES 168/168
  7. Once those 3 cipher keys are in, close out of the regedit program, and reboot the server to apply these keys.
  8. Once the server comes back up, the SSL 3.0 protocols should be able to talk to the 2008 SBS and/or SBS 2011 server without any problems.
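
To check what the steps above actually left in the registry, here is a read-only audit of the same SCHANNEL keys. It is an added example, not part of the original post; the function name Get-SchannelEnabled is made up for illustration, and reading an "Enabled" value under the cipher keys is an assumption, since the post only lists the cipher key names.

```powershell
# Added example: read-only audit of the SCHANNEL keys named in the steps above.
$base      = 'SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL'
$protocols = 'SSL 2.0', 'SSL 3.0', 'TLS 1.0'
$ciphers   = 'RC2 128/128', 'RC4 128/128', 'Triple DES 168/168'

function Get-SchannelEnabled {
    param([string]$SubKey)
    # Use the .NET registry API: the PowerShell registry provider treats the
    # "/" in names such as "RC4 128/128" as a path separator.
    $key = [Microsoft.Win32.Registry]::LocalMachine.OpenSubKey("$base\$SubKey")
    if ($null -eq $key) { return 'key missing' }
    try {
        $value = $key.GetValue('Enabled', $null)
        if ($null -eq $value) { return 'key present, no Enabled value' }
        if ($value -isnot [int]) { return 'Enabled is not a DWORD' }
        if ($value -eq 0) { return 'disabled (0)' }
        return ('enabled (0x{0:X8})' -f $value)
    } finally {
        $key.Close()
    }
}

$report = @()
foreach ($p in $protocols) {
    foreach ($role in 'Client', 'Server') {
        $report += New-Object PSObject -Property @{
            Kind  = 'Protocol'
            Name  = "$p\$role"
            State = (Get-SchannelEnabled "Protocols\$p\$role")
        }
    }
}
foreach ($c in $ciphers) {
    # Assumption: the post lists only the cipher key names; an "Enabled"
    # value under them is read here if one exists.
    $report += New-Object PSObject -Property @{
        Kind  = 'Cipher'
        Name  = $c
        State = (Get-SchannelEnabled "Ciphers\$c")
    }
}
$report | Select-Object Kind, Name, State | Format-Table -AutoSize
```

Run it from an elevated PowerShell prompt on the server before and after the reboot; it changes nothing and prints one row per protocol role and cipher key.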

For a more detailed rundown of the process for these steps, contact the IT dept via this blog or click here.