2

SSL lab test provides grade B for one of my websites due to AEAD issue. I was wondering how we could enable AEAD support to improve the grading to A.

I am using windows server 2008 R2, TLS1.2 is enabled. I tried IIS Crypto [nartac.com/Products/IISCrypto] and not been able to resolve the issue. "This server does not support Authenticated encryption (AEAD) cipher suites. Grade capped to B. " is the only comment I get from Qualys SSL lab test result.

Dave M
  • 4,514
  • 22
  • 31
  • 30
  • 1
    Guys, first time user. I cannot cast close votes, but please only hit the close button, not the downvote button. – Maarten Bodewes Apr 25 '18 at 17:47
  • As @MaartenBodewes mentioned, there needs to be a more information here before this is answerable. For a start: What web server are you using? What is the exact issue SSLLabs reported? – Xander Apr 25 '18 at 18:06
  • I am using windows server 2008 R2, TLS1.2 is enabled. I tried IIS Crypto [https://www.nartac.com/Products/IISCrypto] and not been able to resolve the issue. "This server does not support Authenticated encryption (AEAD) cipher suites. Grade capped to B. " is the only comment I get from Qualys SSL lab test result. –  Apr 25 '18 at 18:45

2 Answers2

3

I've been using IIS Crypto as well and same issue. What I've found, by accident, is you probably need to Apply the Server Defaults with no reboot required. THEN apply the best practices or your configuration settings. After I do that, I'm able to get past the B "cap" for AEAD.

Eric
  • 31
  • 2
0

if you use RSA certificate move the TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 and TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 cipher suites to the top if you use ECC certificate move the TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 and TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 cipher suites to the top

dawklrw
  • 1