Tuesday, December 04, 2012 7:05 PM
I've set up in a test environment a Windows Server 2012 DataCenter machine with
a Domaincontroller and an enterprise Root CA.
If I open up an internal https website and take a look at the certificate I see the following information:
The connection uses TLS 1.1
The connection ins encrypted using AES_128_CBS, with SHA1 for message authentication and
ECDHE_ECDSA as the key exchange machanism.
However, how can I replace AES_128_CBC by AES_256_CBC?
As far as I am right, I need a Suite B PKI.
I followed the Guide "Suite B PKI Step-by-Step Guide" on TechNet but even after
making the described changes the encryption is still AES_128_CBC.
Thanks in advance.
- Moved by Aiden_CaoMicrosoft Contingent Staff, Moderator Wednesday, December 05, 2012 6:25 AM more appropriate (From:General)
Thursday, December 06, 2012 2:01 AMModerator
Thanks for your post.
Hope the following article helps.
Select a Machine Key Encryption Method (IIS 7)
Misbehaving HTTPS Servers impair TLS 1.1 and TLS 1.2
(Funny) browsers: SSL/TLS connection details
Please Note: Since the website is not hosted by Microsoft, the link may change without notice. Microsoft does not guarantee the accuracy of this information.
TechNet Community Support