IIS will by default support SSLv3 and insecure/weak cipher suites. To disable these protocols add registry keys refered in Technet article : http://support.microsoft.com/default.aspx?scid=kb;EN-US;245030
Or you could run a tool from Nartac Software : https://www.nartac.com/Products/IISCrypto/Default.aspx