We've developed a very useful script (Powershell) that will make the necessary security changes in one step. This script does the following:
# Disable Multi-Protocol Unified Hello
# Disable PCT 1.0
# Disable SSL 2.0 (PCI Compliance)
# Disable SSL 3.0 (PCI Compliance) and enable "Poodle" protection
# Add and Enable TLS 1.1 for client and server SCHANNEL communications
# Add and Enable TLS 1.2 for client and server SCHANNEL communications
# Re-create the ciphers key.
# Disable insecure/weak ciphers. 'DES 56/56', 'RC2 128/128', 'RC2 40/128', 'RC2 56/128', 'RC4 40/128', 'RC4 56/128', 'RC4 64/128', 'RC4 128/128'
# Enable new secure ciphers. RC4 and 3DES
# Set hashes configuration. Force md5 and sha
# Set KeyExchangeAlgorithms configuration.
# Set cipher suites order as secure as possible (Enables Perfect Forward Secrecy).
Key note that if you disable ssl 3 windows xp users on ie 6/7 will no longer be able to access your site but it will prevent your site from being attacked.
If you would like more information about this script, please contact firstname.lastname@example.org.