Windows Server 2012 R2 TLS 1.2 Cipher Suites

Rusty Short 16 Reputation points
2021-01-12T14:41:41.363+00:00

Hello - I have a .Net application that accesses an external website to retrieve data. The external website removed TLS 1.1 support and only supports the following TLS 1.2 cipher suites: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 The application works fine when being run from Windows Server 2016 or later (including Win10) but is not able to access the external site when being run on Windows Server 2012 R2 or earlier versions. I understand Server 2008 is end of life but Server 2012 R2 should still be supported, I would think. From what I understand, it appears these specific cipher suites are not available for Server 2012 R2. Will they ever be available, or is there some other way to have my application work with the existing available cipher suites? Thank You

Windows Server 2012
Windows Server 2012
A Microsoft server operating system that supports enterprise-level management, data storage, applications, and communications.
1,532 questions
C#
C#
An object-oriented and type-safe programming language that has its roots in the C family of languages and includes support for component-oriented programming.
10,292 questions

9 answers

Sort by: Newest
Most helpful Newest Oldest
  1. MrDoug 11 Reputation points
    2021-08-12T15:14:55.737+00:00

    I think the OS upgrade is needed. I've tested on newer OS and Windows 10 and everything works. Check out this page for supported versions: https://learn.microsoft.com/en-us/windows/win32/secauthn/cipher-suites-in-schannel

    Browsers seem to use their own code, but in my .net app there is not much you can do.

    Good luck

    1 person found this answer helpful.
    0 comments
  2. Sagar Ayadi 1 Reputation point
    2021-08-12T14:44:39.717+00:00

    I am also facing the same issue by any chance we can resolve this issue without Updating the Server from 2012 R2 to 2016 or any other ?

    I am stuck with this issue from last two days but nothing helped yet.

    0 comments
  3. MrDoug 11 Reputation points
    2021-08-10T23:24:28.023+00:00

    I'm having same issue due to requirements posting to the site: https://www.fcc.gov/media/radio/haat-calculator, if you look at the SSL Labs Cipher Suites for that site, it wants the TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 Or TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 for TLS 1.2.

    Since these are not supported is an OS upgrade the only option to get my program to work on Win Server 2012 R2?

    0 comments
  4. Nix, Jason 1 Reputation point
    2021-05-11T20:00:56.133+00:00

    I have a question, too...

    We recently ran into issues at 2 customer sites where calls from our .NET Core service using HttpClient fails with Handshake error (40) when posting to an https Apache server. We confirmed no "available" cipher suites in the CLient Hello were accepted by the server. The odd thing is that Postman can run from that same server and it DOES have an acceptable cipher. The one in question that we saw accepted by Postman Client Hello is TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 and this one ISN'T offered in "our" call (.NET COre 2.8 HttpClient).

    We have seen this on both Server 2012 R2 and Server 2016 Standard. I can maybe understand 2012 R2 failing, because it doesn't look like this cipher is available in that OS, but then why does Postman work?

    Is there any way to enable this cipher in 2012 R2?

    What about 2016? Is it possible that cipher is allowed but just disabled?

    This is all a little fuzzy for me still. Also, what tools are you using to see this information above (SSL Cipher Suite Order)?

    Thanks in advance,
    Jason

  5. Dave Patrick 426.1K Reputation points MVP
    2021-01-12T20:42:14.467+00:00

    Ok, gotcha. Those are not available for Server 2012 R2. They did not show up until Windows 10/Server 2016
    https://learn.microsoft.com/en-us/windows/win32/secauthn/tls-cipher-suites-in-windows-10-v1607

    --please don't forget to Accept as answer if the reply is helpful--