Rectangle 27 6

Enforcing 128-bit encryption keys via the check box is step 1 to enforcing strong SSL on your webserver, but without explicitly disabling weak encryption algorithms in the registry, clients can request to use less secure methods of encryption (while using keys that are 128-bits in length). Here is the KB for editing the registry http://support.microsoft.com/kb/245030.

However, I followed this, rescanned for vulnerabilities and found that I missed some so here is an article that better explains what to turn off: http://blog.zenone.org/2009/03/pci-compliance-disable-sslv2-and-weak.html. You will need to reboot after you are done for the changes to take effect.

iis ssl https encryption tls