Information gathering – SSL Version 2 (v2) Protocol Detection (Nessus finding)

To turn off SSLv2 (SSL Version 2)

regedit
Browse to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0\Server
(The SSL 2.0 and Server keys are usually not there yet; create them first.)
Right click, New > DWORD Value, name it Enabled and leave the data value at 0x00000000 (0), then reboot the server. SCHANNEL only reads these keys at boot, so the finding stays until you do. The same Enabled = 0 under ...\SSL 2.0\Client stops the box from offering SSLv2 as a client too.

SSL Weak cipher suites supported

regedit
Browse to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers

Right click on DES 56/56 (create the key if it is missing), choose New > DWORD Value, type Enabled for the name and leave the data value at 0x00000000 (0).

Then do the same for RC2 40/128, RC4 40/128 and RC4 56/128, plus any other cipher the Nessus finding lists. A missing Enabled value, or any nonzero one, leaves that cipher switched on.

Reboot, then rescan with Nessus and you should not see "SSL Weak cipher suites supported" any more. Very old clients that only speak these 40/56-bit ciphers will stop connecting, so check who still talks to the box before you roll this out.
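The two regedit walkthroughs above, scripted so they can be repeated on every server instead of clicked through by hand. This is an added example, not something from the original post: it writes the same SCHANNEL keys (Protocols\SSL 2.0\Server, and the four Ciphers entries) with Enabled = 0, then reads them back so you can confirm the state before rebooting. The Protocols\SSL 2.0\Client entry is an assumption beyond the post, added so the machine does not negotiate SSLv2 outbound either. Run it in an elevated PowerShell on the server; the reboot the post calls for still applies.

```powershell
# Added example (not from the original post): scripted version of the regedit
# steps for "SSL Version 2 (v2) Protocol Detection" and
# "SSL Weak cipher suites supported". Requires an elevated shell; SCHANNEL
# only re-reads these keys at boot, so reboot before rescanning.

$schannelPath = 'SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL'

# Subkeys, relative to SCHANNEL, that get a REG_DWORD Enabled = 0.
# 'Protocols\SSL 2.0\Client' is an assumption beyond the post (outbound SSLv2).
# Add more cipher names here if the Nessus finding lists more than these four.
$targets = @(
    'Protocols\SSL 2.0\Server',
    'Protocols\SSL 2.0\Client',
    'Ciphers\DES 56/56',
    'Ciphers\RC2 40/128',
    'Ciphers\RC4 40/128',
    'Ciphers\RC4 56/128'
)

function Open-Schannel([bool]$Writable) {
    # Use the .NET RegistryKey API instead of HKLM:\ paths: the PowerShell
    # registry provider treats '/' as a path separator, so New-Item on
    # 'Ciphers\RC4 40/128' would create a key 'RC4 40' with a subkey '128'.
    $key = [Microsoft.Win32.Registry]::LocalMachine.OpenSubKey($schannelPath, $Writable)
    if ($null -eq $key) { throw "SCHANNEL key not found under HKLM" }
    return $key
}

function Disable-SchannelItem {
    param([Parameter(Mandatory)][string]$RelativePath)
    $root = Open-Schannel $true
    try {
        # CreateSubKey creates missing intermediate keys (e.g. 'SSL 2.0') and
        # simply opens the key if it already exists, so this is idempotent.
        $sub = $root.CreateSubKey($RelativePath)
        try {
            $sub.SetValue('Enabled', 0, [Microsoft.Win32.RegistryValueKind]::DWord)
        } finally { $sub.Close() }
    } finally { $root.Close() }
}

function Get-SchannelEnabled {
    # Reads back what is on disk; a missing key or value means SCHANNEL's
    # built-in default applies, which for these entries is "enabled".
    param([Parameter(Mandatory)][string]$RelativePath)
    $root = Open-Schannel $false
    try {
        $sub = $root.OpenSubKey($RelativePath)
        if ($null -eq $sub) { return 'key missing (default applies)' }
        try {
            $v = $sub.GetValue('Enabled')
            if ($null -eq $v) { return 'no Enabled value (default applies)' }
            return ('0x{0:x8} ({0})' -f [int]$v)
        } finally { $sub.Close() }
    } finally { $root.Close() }
}

foreach ($t in $targets) { Disable-SchannelItem -RelativePath $t }

# Pre-reboot audit: every row should show 0x00000000 (0).
$targets | ForEach-Object {
    [pscustomobject]@{ Key = $_; Enabled = Get-SchannelEnabled -RelativePath $_ }
} | Format-Table -AutoSize
```

Keep the audit output with the change ticket: after the reboot, the Nessus rescan (or the nmap check below) is the external proof, and the registry read-back is the internal one.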

----------------------------------------------

Cross-check from the scanner's side with nmap's ssl-enum-ciphers script. It walks the cipher suites the server will accept and rates each one; "Least strength = strong" means it found nothing it rates as weak.

root@bt:~# nmap --script ssl-enum-ciphers -p 443 IP-Address

Starting Nmap 5.61TEST4 ( http://nmap.org ) at 2012-07-11 12:58 BST
Nmap scan report for test-pc (IP-Address)
Host is up (0.00039s latency).
PORT    STATE SERVICE
443/tcp open  https
| ssl-enum-ciphers:
|_ Least strength = strong
MAC Address: 11:22:33:a1:2b:3d

Nmap done: 1 IP address (1 host up) scanned in 431.46 seconds
