Windows Server 2012 - SSL Cypher Suite Order Not Long Enough

Posted by Sam on Server Fault See other posts from Server Fault or by Sam
Published on 2013-10-31T15:07:42Z Indexed on 2013/10/31 15:58 UTC
Read the original article Hit count: 305

Filed under:
|
|

I want to re-order the cypher suites on our new Windows Server 2012 box to help mitigate the BEAST vulnerability for our clients. I went to Local Group Policy => Computer Configuration => Administrative Templates => Network => SSL Configuration Settings, opened SSL Cypher Suite Order, enabled it, and copied the values from the SSL Cypher Suites textbox.

I pasted them into notepad, re-ordered them, then copied+pasted them back into the SSL Cypher Suites textbox. However, the box isn't long enough to hold them all, despite the fact that the length didn't change. I would have to drop the last 3 cyphers (SSL_CK_DES_192_EDE3_CBC_WITH_MD5,TLS_RSA_WITH_NULL_SHA256,TLS_RSA_WITH_NULL_SHA) in order for it to fit.

Should I just drop them? Other ideas?

© Server Fault or respective owner

Related posts about security

Related posts about ssl