This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(32, 52%, 13%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EM%3C/text%3E%3C/svg%3E)
Hello,
I host a Windows 2012 r2 Server & Windows 2016 Server and looking for some help with respect to SSL ciphers.
Below are 2 ciphers for which I have a question:
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 (0x9e) DH 2048 bits FS 128
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 (0x9f) DH 2048 bits FS 256
Why is the stronger form not in Windows Server 2012R2? Is there any way or patch available for windows 2012r2 which can be installed so that we can have these ciphers available in the server to be enabled/disabled.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(198.4, 81%, 29%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EYK%3C/text%3E%3C/svg%3E)
You have to set the minimum dh length to 2048 bits on server 2012 r2 on your end.
It is a simple registry key to add and reboot and will keep you compliant with latest PCI standards
https://learn.microsoft.com/en-us/security-updates/securityadvisories/2016/3174644
You can follow along here to add them.
https://www.howtogeek.com/221080/how-to-update-your-windows-server-cipher-suite-for-better-security/
--please don't forget to Accept as answer if the reply is helpful--
Hi,
Check out the article below describes an update in which new TLS cipher suites are added and cipher suite priorities are changed in Windows Server 2012 R2:
https://support.microsoft.com/en-us/help/2929781/update-adds-new-tls-cipher-suites-and-changes-cipher-suite-priorities
**
If the Answer is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.