Clarification: CBC-based ciphers are reported as weak by the Testssl tool for TLS 1.2 on Windows Server 2019.

Raja Phanendra 0 Reputation points
2025-02-25T07:28:54.91+00:00

In Windows Server 2019, the Testssl tool found that CBC-based cipher suites are weak. Are CBC-based cipher suites vulnerable even if they are managed by Windows Schannel? I found an article stating that TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 and TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 may show up as weak when you perform an SSL report test. This is due to known attacks against the OpenSSL implementation. Dataverse uses the Windows implementation, which is not based on OpenSSL and therefore is not vulnerable. https://learn.microsoft.com/en-us/power-platform/admin/server-cipher-tls-requirements

Please clarify whether the same applies to all CBC-based cipher suites or not.
