How do I add new cipher suites (listed below) to Windows 2012 R2 and Windows 2008 R2?

  • Question

  • I have a client that has enabled below 3 ciphers in their machine

    • TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
    • TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
    • TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384

    We were initially hitting the endpoint on the above machine via a 2008 R2 machine. Through Wireshark, I found out that we were having a handshake failure because the 3 they mentioned above didn't match with the 19 suites we send across to them in our 'Client Hello'. We found that updated Windows might support some of the latest ciphers.

    So yesterday we tried the same from our Windows 2012 R2 machine and even though we send about 24 cipher suites in our 'Client Hello' call as seen in Wireshark, nothing matches the 3 the client has enabled in their machine. I went through the supported ciphers mentioned in MS Docs for 2008R2 and 2012R2 and I couldn't find the above 3. Doc was last updated in 2018. I also confirmed the same by checking the list provided in 'SSL Configuration settings' in both the servers. The 3 were not in the list in the settings window.

    How can I add/enable these 3 ciphers in 2008 R2 and 2012 R2?

    Update:
    I found in some forums that these are supported from Server 2016 onwards only. Is there no way to get these 3 enabled in 2012 if not 2008?

    • Edited by Aswin Francis Wednesday, April 29, 2020 7:45 updated with new found info
    Wednesday, April 29, 2020 7:19
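
Added example, not part of the original thread: a Python sketch of the check the question performs by eye in Wireshark, extracting the cipher suite list from a raw ClientHello record and intersecting it with the three suites the remote endpoint accepts. The sample records and the helper `build_client_hello` are constructed for illustration and are not captures from the machines discussed.

```python
import struct

# IANA code points of the three suites the remote endpoint accepts (names from the post).
SERVER_SUITES = {
    0xCCA8: "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256",
    0xC02F: "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    0xC030: "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
}

def client_hello_suites(record: bytes) -> list:
    """Return the cipher suite code points offered in one raw TLS ClientHello record."""
    try:
        if record[0] != 0x16:                        # ContentType: handshake
            raise ValueError("not a TLS handshake record")
        rec_len = struct.unpack("!H", record[3:5])[0]
        body = record[5:5 + rec_len]
        if len(body) != rec_len or body[0] != 0x01:  # HandshakeType: client_hello
            raise ValueError("truncated record or not a ClientHello")
        hello = body[4:4 + int.from_bytes(body[1:4], "big")]
        pos = 2 + 32                                 # skip client_version and random
        pos += 1 + hello[pos]                        # skip session_id
        cs_len = struct.unpack("!H", hello[pos:pos + 2])[0]
        raw = hello[pos + 2:pos + 2 + cs_len]
    except (IndexError, struct.error):
        raise ValueError("truncated ClientHello") from None
    if len(raw) != cs_len or cs_len % 2:
        raise ValueError("bad cipher_suites length")
    return [int.from_bytes(raw[i:i + 2], "big") for i in range(0, cs_len, 2)]

def shared_suites(record: bytes, server=SERVER_SUITES) -> list:
    """Names of suites present in both the ClientHello and the server's list."""
    return [server[c] for c in client_hello_suites(record) if c in server]

def build_client_hello(suites) -> bytes:
    """Build a minimal ClientHello record without extensions (sample-data helper)."""
    cs = b"".join(struct.pack("!H", s) for s in suites)
    hello = b"\x03\x03" + bytes(32) + b"\x00" + struct.pack("!H", len(cs)) + cs + b"\x01\x00"
    hs = b"\x01" + len(hello).to_bytes(3, "big") + hello
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs

# Constructed samples: one client offering only CBC/DHE/RSA suites, one offering ECDHE-GCM.
OLD_CLIENT = build_client_hello([0xC028, 0xC027, 0xC014, 0xC013, 0x009F, 0x009E, 0x009D, 0x009C])
NEW_CLIENT = build_client_hello([0xC030, 0xC02F, 0xC028, 0xC027])

if __name__ == "__main__":
    for label, rec in (("old", OLD_CLIENT), ("new", NEW_CLIENT)):
        print(label, shared_suites(rec) or "no shared suite -> handshake_failure")
```

An empty result from `shared_suites` corresponds to the handshake failure described in the question: the server has nothing in the offered list it is willing to select.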

All replies

  • Hello,

    Thank you for posting in our TechNet forum.

    According to your description, you want to add three new ciphers in the server 2008R2 and 2012.

    I did a lot of research and I think that these three ciphers have not been supported in 2008R2 and 2012. I suggest that you could choose other ciphers for these two machines.

    Thanks for your understanding

    Jolin

    Best regards

    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Thursday, April 30, 2020 7:08
  • Good day!
     
    As we haven’t heard from you for a few days, may I confirm with you on the latest status?
     
    Much appreciated for your response in advance.

    Jolin

    Monday, May 4, 2020 3:14
  • Believe you are doing well.

    This is a kind follow up on this case. May I know the latest status?

    Thanks and looking forward to your reply

    Thursday, May 7, 2020 5:40