Windows Server 2012 - SSL Cypher Suite Order Not Long Enough
Posted
by
Sam
on Server Fault
See other posts from Server Fault
or by Sam
Published on 2013-10-31T15:07:42Z
Indexed on
2013/10/31
15:58 UTC
Read the original article
Hit count: 305
I want to re-order the cypher suites on our new Windows Server 2012 box to help mitigate the BEAST vulnerability for our clients. I went to Local Group Policy => Computer Configuration => Administrative Templates => Network => SSL Configuration Settings
, opened SSL Cypher Suite Order, enabled it, and copied the values from the SSL Cypher Suites textbox.
I pasted them into notepad, re-ordered them, then copied+pasted them back into the SSL Cypher Suites textbox. However, the box isn't long enough to hold them all, despite the fact that the length didn't change. I would have to drop the last 3 cyphers (SSL_CK_DES_192_EDE3_CBC_WITH_MD5,TLS_RSA_WITH_NULL_SHA256,TLS_RSA_WITH_NULL_SHA
) in order for it to fit.
Should I just drop them? Other ideas?
© Server Fault or respective owner