
problem with SSL 3.0 on IIS 7 on Server 2008 64-bit


Server 2008 Enterprise 64-bit, SP2, running IIS 7. I ran the following to ensure SSL 3.0 and TLS 1.0 are enabled:

REG ADD "HKLM\System\CurrentControlSet\Control\SecurityProviders\SChannel\Protocols\SSL 2.0\Server" /v Enabled /t REG_DWORD /d 0 /f
REG ADD "HKLM\System\CurrentControlSet\Control\SecurityProviders\SChannel\Protocols\SSL 2.0\Client" /v Enabled /t REG_DWORD /d 0 /f
REG ADD "HKLM\System\CurrentControlSet\Control\SecurityProviders\SChannel\Protocols\SSL 3.0\Server" /v Enabled /t REG_DWORD /d 1 /f
REG ADD "HKLM\System\CurrentControlSet\Control\SecurityProviders\SChannel\Protocols\SSL 3.0\Client" /v Enabled /t REG_DWORD /d 1 /f
REG ADD "HKLM\System\CurrentControlSet\Control\SecurityProviders\SChannel\Protocols\TLS 1.0\Server" /v Enabled /t REG_DWORD /d 1 /f
REG ADD "HKLM\System\CurrentControlSet\Control\SecurityProviders\SChannel\Protocols\TLS 1.0\Client" /v Enabled /t REG_DWORD /d 1 /f
REG ADD "HKLM\System\CurrentControlSet\Control\SecurityProviders\SChannel\Ciphers\RC2 128/128"
REG ADD "HKLM\System\CurrentControlSet\Control\SecurityProviders\SChannel\Ciphers\RC4 128/128"
REG ADD "HKLM\System\CurrentControlSet\Control\SecurityProviders\SChannel\Ciphers\Triple DES 168/168"

All users that have tested are running IE 8 with SSL 2.0 disabled; only SSL 3 and TLS 1.0 are selected under the Advanced options.

The problem is: users on the same network as the server can hit the websites with no problem (128-bit enforced). Users accessing the site over the internet cannot access the site (standard "cannot access this site" message). If I leave SSL 3.0 enabled on the site and disable TLS 1.0 (but I then lose the ability to use remote desktop to the server), they can then access it. OR, if I have the user enable SSL 2.0 in IE, it works.

What am I doing wrong?
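
A read-back check for the protocol keys written by the REG ADD commands in the post above, as an added example that is not part of the original post. It covers only the Protocols subkeys; DisabledByDefault is a standard SChannel value that the post does not set, and the function and variable names are illustrative.

```powershell
# Added example: report what is actually stored under the SChannel Protocols keys.
# Written for PowerShell 2.0 so it runs on Server 2008 SP2.
$base      = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SChannel\Protocols'
$protocols = 'SSL 2.0', 'SSL 3.0', 'TLS 1.0'   # the protocols named in the post
$roles     = 'Server', 'Client'

function Get-SchannelValue($key, $name) {
    # Returns the DWORD value, or $null when the key or the value is absent.
    if (-not (Test-Path $key)) { return $null }
    $item = Get-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue
    if ($item) { return $item.$name }
    return $null
}

function Get-SchannelState($value) {
    # Enabled: 0 means off, any non-zero DWORD (1 or 0xffffffff) means on.
    if ($null -eq $value) { return 'not set (OS default applies)' }
    if ($value -eq 0)     { return 'disabled' }
    return 'enabled'
}

$report = foreach ($p in $protocols) {
    foreach ($r in $roles) {
        $key = Join-Path (Join-Path $base $p) $r
        $dbd = Get-SchannelValue $key 'DisabledByDefault'
        New-Object PSObject -Property @{
            Protocol          = $p
            Role              = $r
            KeyExists         = (Test-Path $key)
            Enabled           = Get-SchannelState (Get-SchannelValue $key 'Enabled')
            # DisabledByDefault is shown raw: 1 means the protocol is not
            # offered unless an application asks for it explicitly.
            DisabledByDefault = $(if ($null -eq $dbd) { 'not set' } else { $dbd })
        }
    }
}

$report |
    Select-Object Protocol, Role, KeyExists, Enabled, DisabledByDefault |
    Format-Table -AutoSize
```

Run it from an elevated PowerShell prompt on the server; it only reads the registry and changes nothing.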

