For PCI compliance on an IIS5 or IIS6 server, SSL2 should be disabled and 40-bit should be disabled. This Microsoft KB includes a .reg script to disable everything except for 3DES TLS: http://support.microsoft.com/kb/245030/en-us However, TLS is not enabled by default in IE6 which makes this script problematic. IE6 clients without TLS enabled will present a [...]