Windows Server TechCenter >

Windows Server Forums >

Windows 2012: PKI: AES_256_CBC ?

Windows 2012: PKI: AES_256_CBC ?

Tuesday, December 04, 2012 7:05 PM

0
Hello,

I've set up in a test environment a Windows Server 2012 DataCenter machine with
a Domaincontroller and an enterprise Root CA.

If I open up an internal https website and take a look at the certificate I see the following information:

The connection uses TLS 1.1
The connection ins encrypted using AES_128_CBS, with SHA1 for message authentication and
ECDHE_ECDSA as the key exchange machanism.

However, how can I replace AES_128_CBC by AES_256_CBC?
As far as I am right, I need a Suite B PKI.
I followed the Guide "Suite B PKI Step-by-Step Guide" on TechNet but even after
making the described changes the encryption is still AES_128_CBC.

Thanks in advance.
- Moved by Aiden_CaoMicrosoft Contingent Staff, Moderator Wednesday, December 05, 2012 6:25 AM more appropriate (From:General)
- Reply
- Quote

All Replies

Thursday, December 06, 2012 2:01 AM

Moderator

0
Hi,

Thanks for your post.

Hope the following article helps.

Select a Machine Key Encryption Method (IIS 7)

http://technet.microsoft.com/en-us/library/cc772271(v=ws.10).aspx

Misbehaving HTTPS Servers impair TLS 1.1 and TLS 1.2

http://blogs.msdn.com/b/ieinternals/archive/2011/03/25/misbehaving-https-servers-impair-tls-1.1-and-tls-1.2.aspx

(Funny) browsers: SSL/TLS connection details

http://www.carbonwind.net/blog/post/%28Funny%29-browsers-SSLTLS-connection-details.aspx

Please Note: Since the website is not hosted by Microsoft, the link may change without notice. Microsoft does not guarantee the accuracy of this information.

Best Regards,

Aiden
Aiden Cao
TechNet Community Support
- Proposed As Answer by Aiden_CaoMicrosoft Contingent Staff, Moderator Tuesday, December 11, 2012 2:40 AM
- Marked As Answer by Aiden_CaoMicrosoft Contingent Staff, Moderator Wednesday, December 12, 2012 1:45 AM
- Reply
- Quote

Frequently asked questions - Forums help