
I am trying to update the server-preferred cipher suite order on Windows Server 2008. I have followed the blog Update Cipher Suites, but I am still seeing the old preferred order in SSL Labs.

Code_Yoga
  • Did you reboot? Does your server application use the OS cipher suites or its own set of ciphers, such as Java? Note that clients can set cipher order for reasons such as performance, so you can hurt things like lower-powered mobile clients. It's also trivial for a client to determine the cipher suites your server supports and then connect claiming only to support WEAK_CIPHER no matter what your order setting is. If you don't want clients to connect using WEAK_CIPHER, don't support it at all. – Andrew Henle Nov 08 '17 at 12:24
  • @AndrewHenle: Yes, I did reboot. Initially it was using the default OS cipher suites. When tested on SSL Labs, I am getting an F there and I see that all the cipher suites are in RED. I have set a custom preferred order using the Group Policy Editor, but I still do not see any change in order when I tested in SSL Labs. – Code_Yoga Nov 08 '17 at 13:53
  • I am doing this because the Web Services exposed by the server are not accessible on the latest Android OS versions like 6.0 & 7.0, as they throw an error: SSLHandshakeException: Connection Closed by Peer. – Code_Yoga Nov 08 '17 at 13:55
  • *Web Services exposed by the Server are not accessible on latest Android OS like 6.0 & 7.0, as they throw an error: SSLHandshakeException: Connection Closed by Peer.* You likely have a bigger problem than your cipher suite ordering, then. Why does SSL Labs give your server an F? Given you're running Server 2008, is your web server only supporting older cipher suites? Newer clients tend only to support TLSv1.1 and TLSv1.2. Does your server support those? – Andrew Henle Nov 08 '17 at 14:03

0 Answers
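
A local check of the two settings raised in the comments above, namely whether the Group Policy cipher suite order actually reached the registry and which protocol versions Schannel has configured on the server side. This is an added example, not part of the original thread; it assumes the standard Windows registry locations for the SSL Cipher Suite Order policy and the Schannel protocol settings, and the function names are hypothetical.

```powershell
# Added diagnostic sketch. The registry locations below are the standard
# Group Policy / Schannel locations on Windows Server (an assumption of this
# example, not values taken from the thread). Read-only.
$policyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Cryptography\Configuration\SSL\00010002'
$schannel  = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols'

function Get-CipherOrderPolicy {
    # Returns the suites set by the "SSL Cipher Suite Order" policy, or $null if unset.
    $p = Get-ItemProperty -Path $policyKey -Name Functions -ErrorAction SilentlyContinue
    if ($null -eq $p) { return $null }
    # The policy stores one comma-separated string; tolerate a multi-string too.
    $joined = @($p.Functions) -join ','
    return ($joined -split ',') | ForEach-Object { $_.Trim() } | Where-Object { $_ }
}

function Get-ServerProtocolState([string]$Protocol) {
    # Reports the server-side Schannel setting for one protocol version.
    $key = Join-Path $schannel "$Protocol\Server"
    if (-not (Test-Path $key)) { return 'not configured (OS default applies)' }
    $v = Get-ItemProperty -Path $key
    if ($v.Enabled -eq 0)           { return 'disabled' }
    if ($v.DisabledByDefault -eq 1) { return 'disabled by default' }
    return 'enabled'
}

$suites = Get-CipherOrderPolicy
if ($null -eq $suites) {
    'Cipher suite order policy: not set in the registry'
} else {
    'Cipher suite order policy ({0} suites):' -f @($suites).Count
    $i = 0
    foreach ($s in $suites) { $i++; '{0,3}. {1}' -f $i, $s }
}

foreach ($proto in 'SSL 2.0', 'SSL 3.0', 'TLS 1.0', 'TLS 1.1', 'TLS 1.2') {
    '{0,-8} server side: {1}' -f $proto, (Get-ServerProtocolState $proto)
}
```

Run it in an elevated PowerShell session on the server. A server application that ships its own TLS stack, such as Java, is not governed by either setting.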