I know this is possible for IIS 7.0, but I was wondering about IIS 6.0. Is it possible to have SSL 3.0 on an IIS Server 6.0 and disable SSL 2.0 on the server? If so, how would I go about doing this? Also, was wondering if it is possible to apply SSL to the FTP site here. It is one of the requirements for PCI complinance. Thanks in advance.
On IIS 6 we cannot support SSL over FTP. But as for disabling SSL 2.0 in IIS 6 and have SSL 3.0 I would open a ticket to the help desk and see if they have a server already configured for this. rcp DiscountASP.NET www.DiscountASP.NET
We have disabled SSL 2.0 on one newer IIS 7 server and are evaluating the impact. If there is no downside to dropping SSL 2.0 (and there shouldn't be at this point), we may consider dropping it from all the web servers, which would remove one obstacle to PCI compliance. FTP via SSL however, asrcp pointed out, is an IIS 7 only option.
