To disable SSLv2 and weak ciphers, you make several registry changes and then restart the server. It’s that easy. However, any application that uses SSL v2.0 (instead of SSLv3) will fail once it is disabled.
How to Disable SSLv2 on Windows Server 2008 and Windows Server 2008 R2
To disable SSLv2 on Windows Server, the registry key [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0\Server] should contain a DWORD value named Enabled set to 0 (that is, "Enabled"=dword:00000000).
If the above registry key and value do not exist, create them.
Note that you could use a DWORD Value named DisabledByDefault set to 1, instead of using the Enabled value set to 0. Functionally, there is not much difference between them.
After that, reboot the server so that the registry changes take effect.
For further information see: How to disable PCT 1.0, SSL 2.0, SSL 3.0, or TLS 1.0 in Internet Information Services
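The SSL 2.0 server change described above can be scripted and checked before the reboot. The following PowerShell is an added example, not code from the original post or from Microsoft; it assumes an elevated prompt, and the function names Get-Ssl2ServerState and Disable-Ssl2Server are made up for this illustration.

```powershell
# Added example. Key path and value names (Enabled, DisabledByDefault) are the ones given in the post.
$key = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0\Server'

function Get-Ssl2ServerState {
    # Report the current configuration so the change can be reviewed before and after.
    $state = New-Object PSObject -Property @{
        KeyExists         = (Test-Path -Path $key)
        Enabled           = $null   # $null means the value is not present
        DisabledByDefault = $null
    }
    if ($state.KeyExists) {
        # Returns nothing when the key has no values, so guard before reading properties.
        $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
        if ($props) {
            $state.Enabled           = $props.Enabled
            $state.DisabledByDefault = $props.DisabledByDefault
        }
    }
    $state
}

function Disable-Ssl2Server {
    # Create the key only when it is missing: New-Item -Force on an existing
    # registry key recreates it and drops the values it already holds.
    if (-not (Test-Path -Path $key)) {
        # -Force also creates the missing parent key ("SSL 2.0").
        New-Item -Path $key -Force | Out-Null
    }
    # -Force here creates the value or overwrites an existing one of any type.
    New-ItemProperty -Path $key -Name 'Enabled' -Value 0 -PropertyType DWord -Force | Out-Null
}

Write-Output 'Before:'
Get-Ssl2ServerState | Format-List KeyExists, Enabled, DisabledByDefault

Disable-Ssl2Server

Write-Output 'After:'
$after = Get-Ssl2ServerState
$after | Format-List KeyExists, Enabled, DisabledByDefault

if ($after.KeyExists -and $after.Enabled -eq 0) {
    Write-Output 'SSL 2.0 (Server) is set to Enabled=0. Reboot the server for the change to take effect.'
} else {
    Write-Warning 'Enabled=0 was not written; check that the prompt is elevated.'
}
```

The script does not reboot the server, so the restart can be scheduled separately.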
How to Disable weak ciphers
You can disable weak ciphers by modifying the registry again. This time, you have to make several registry changes under the registry key [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers].
There are many protocols that could be disabled, so you should identify which protocols to block, and then follow the KB article How to Restrict the Use of Certain Cryptographic Algorithms and Protocols in Schannel.dll.
That's all for today. I hope you enjoy the reading! Cheers.