Skip to content

Latest commit

 

History

History
55 lines (31 loc) · 2.98 KB

windows-server-2022.md

File metadata and controls

55 lines (31 loc) · 2.98 KB

Default enabled cipher suite order

Recommended cipher suite order

Cipher suite string Allowed by SCH_USE_STRONG_CRYPTO TLS/SSL Protocol versions
TLS_AES_256_GCM_SHA384 Yes TLS 1.3
TLS_AES_128_GCM_SHA256 Yes TLS 1.3
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 Yes TLS 1.2
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 Yes TLS 1.2
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 Yes TLS 1.2
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 Yes TLS 1.2
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 No TLS 1.2
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 Yes TLS 1.2
TLS_RSA_WITH_AES_128_GCM_SHA256 Yes TLS 1.2
TLS_RSA_WITH_AES_256_CBC_SHA256 Yes TLS 1.2
TLS_RSA_WITH_AES_128_CBC_SHA256 Yes TLS 1.2

Configuring Strong Ciphers

Method 1: Using GPO

Computer Configuration\Administrative Templates\Network\SSL Configuration Settings\SSL Cipher Suite Order


TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_DHE_RSA_WITH_AES_256_GCM_SHA384,TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,TLS_RSA_WITH_AES_128_GCM_SHA256,TLS_RSA_WITH_AES_256_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA256

Method 2: Using Registry Editor

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Cryptography\Configuration\Local\SSL\00010002

References