SSL/TLS ciphers in Windows 7

  • Question

  • Hello,

    Running an HTTPS server in a .NET 4.0 (C#) standalone app on Windows 7 Pro, using the HttpListener class (not managed under IIS or other web service, because it only needs to do 1 simple thing & reroute over other socket comms). I created a self-signed certificate, bound it to Port 443 with netsh, and it works.

    My problem is that the few cipher suites that Windows 7 has enabled do not match up with our clients that are running OpenSSL 0.9.8y.

    I first used MMC to enable Cipher Suite Order, and made sure to include my top 2 desired ciphers (list below) but this had no effect.

    So now I have edited the Windows registry based on this article, and am awaiting the results (sorry I can't yet post a link): Knowledge Base 245030

    My main questions are, in addition to the steps above, is there any way to:

    1) specify specific cipher suites to use, either thru Windows or thru C# code.

    2) Install new cipher suites. My preliminary research indicates that this is not possible, it's a question of simply enabling existing ciphers thru the Windows registry.

    Or is there an additional step I'm not aware of to enable/add new ciphers?

    I thank you for any help!

    Here are the desired ciphers I would like my server to support:

    Preferred:

    DHE-RSA-AES256-SHA
    DHE-RSA-AES128-SHA

    Additional:

    DHE-DSS-AES256-SHA
    AES256-SHA
    EDH-RSA-DES-CBC3-SHA
    EDH-DSS-DES-CBC3-SHA
    DES-CBC3-SHA
    DES-CBC3-MD5
    DHE-DSS-AES128-SHA
    AES128-SHA
    RC2-CBC-MD5
    RC4-SHA
    RC4-MD5
    RC4-MD5
    EDH-RSA-DES-CBC-SHA
    EDH-DSS-DES-CBC-SHA
    DES-CBC-SHA
    DES-CBC-MD5
    EXP-EDH-RSA-DES-CBC-SHA
    EXP-EDH-DSS-DES-CBC-SHA
    EXP-DES-CBC-SHA
    EXP-RC2-CBC-MD5
    EXP-RC2-CBC-MD5
    EXP-RC4-MD5
    EXP-RC4-MD5


    Monday, June 3, 2013 1:49 PM

Answers