SSL Cipher Suite Order
ID: oval:org.secpod.oval:def:19049 | Date: (C)2014-05-29 (M)2023-07-04
Class: COMPLIANCE | Family: windows
The SSL Cipher Suite Order machine setting should be configured correctly.
Determines the cipher suites used by the Secure Socket Layer (SSL).
If this setting is enabled, SSL cipher suites will be prioritized in the order specified.
If this setting is disabled or not configured, the factory default cipher suite order will be used.
SSL2, SSL3, TLS 1.0 and TLS 1.1 cipher suites:
* TLS_RSA_WITH_AES_128_CBC_SHA
* TLS_RSA_WITH_AES_256_CBC_SHA
* TLS_RSA_WITH_RC4_128_SHA
* TLS_RSA_WITH_3DES_EDE_CBC_SHA
* TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA_P256
* TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA_P384
* TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA_P521
* TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA_P256
* TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA_P384
* TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA_P521
* TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA_P256
* TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA_P384
* TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA_P521
* TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA_P256
* TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA_P384
* TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA_P521
* TLS_DHE_DSS_WITH_AES_128_CBC_SHA
* TLS_DHE_DSS_WITH_AES_256_CBC_SHA
* TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA
* TLS_RSA_WITH_RC4_128_MD5
* SSL_CK_RC4_128_WITH_MD5
* SSL_CK_DES_192_EDE3_CBC_WITH_MD5
* TLS_RSA_WITH_NULL_SHA
* TLS_RSA_WITH_NULL_MD5
TLS 1.2 SHA256 and SHA384 cipher suites:
* TLS_RSA_WITH_AES_128_CBC_SHA256
* TLS_RSA_WITH_AES_256_CBC_SHA256
* TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256
* TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P384
* TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P521
* TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256
* TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P384
* TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P521
* TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256_P256
* TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256_P384
* TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256_P521
* TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384_P384
* TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384_P521
* TLS_DHE_DSS_WITH_AES_128_CBC_SHA256
* TLS_DHE_DSS_WITH_AES_256_CBC_SHA256
* TLS_RSA_WITH_NULL_SHA256
TLS 1.2 ECC GCM cipher suites:
* TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256_P256
* TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256_P384
* TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256_P521
* TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384_P384
* TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384_P521
Fix:
(1) GPO: Computer Configuration\Administrative Templates\Network\SSL Configuration Settings\SSL Cipher Suite Order
(2) KEY: HKLM\SOFTWARE\Policies\Microsoft\Cryptography\Configuration\SSL\00010002\Functions
Platform: Microsoft Windows Server 2008 R2