From: Jacek Caban <jacek@codeweavers.com>
Subject: [PATCH 3/3] secur32: Disable SSL2 protocol in default settings.
Message-Id: <51570406.3010106@codeweavers.com>
Date: Sat, 30 Mar 2013 16:25:58 +0100

---
 dlls/secur32/schannel.c | 4 ++--
 tools/wine.inf.in       | 1 +
 2 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/dlls/secur32/schannel.c b/dlls/secur32/schannel.c
index df75b67..ecc189d 100644
--- a/dlls/secur32/schannel.c
+++ b/dlls/secur32/schannel.c
@@ -178,7 +178,7 @@ static void read_config(void)
         BOOL enabled; /* If no config is present, enable the protocol */
         BOOL disabled_by_default; /* Disable if caller asks for default protocol set */
     } protocol_config_keys[] = {
-        {{'S','S','L',' ','2','.','0',0}, SP_PROT_SSL2_CLIENT, TRUE, TRUE},
+        {{'S','S','L',' ','2','.','0',0}, SP_PROT_SSL2_CLIENT, FALSE, TRUE}, /* NOTE: TRUE, TRUE on Windows */
         {{'S','S','L',' ','3','.','0',0}, SP_PROT_SSL3_CLIENT, TRUE, FALSE},
         {{'T','L','S',' ','1','.','0',0}, SP_PROT_TLS1_0_CLIENT, TRUE, FALSE},
         {{'T','L','S',' ','1','.','1',0}, SP_PROT_TLS1_1_CLIENT, TRUE, FALSE /* NOTE: not enabled by default on Windows */ },
@@ -220,7 +220,7 @@ static void read_config(void)
                 if(type != REG_DWORD || value)
                     default_disabled |= protocol_config_keys[i].prot_client_flag;
             }else if(protocol_config_keys[i].disabled_by_default) {
-                    default_disabled |= protocol_config_keys[i].prot_client_flag;
+                default_disabled |= protocol_config_keys[i].prot_client_flag;
             }
 
             RegCloseKey(key);
diff --git a/tools/wine.inf.in b/tools/wine.inf.in
index e7cc5c7..3a84c0c 100644
--- a/tools/wine.inf.in
+++ b/tools/wine.inf.in
@@ -643,6 +643,7 @@ HKLM,System\CurrentControlSet\Control\TimeZoneInformation,"StandardName",2,""
 HKLM,System\CurrentControlSet\Control\TimeZoneInformation,"TimeZoneKeyName",2,""
 HKLM,System\CurrentControlSet\Control\VirtualDeviceDrivers,,16
 HKLM,System\CurrentControlSet\Control\VMM32Files,,16
+HKLM,"%Control%\SecurityProviders\SCHANNEL\Protocols\SSL 2.0\Client","DisabledByDefault",0x10001,1
 HKCU,AppEvents\Schemes\Apps\Explorer\Navigating\.Current,,,""
 HKCU,Software\Microsoft\Protected Storage System Provider,,16
 ; Some apps requires at least four subkeys of Active Setup\Installed Components