Windows Server 2012 R2 TLS 1.2 Cipher Suites

Rusty Short 16 Reputation points
2021-01-12T14:41:41.363+00:00

Hello - I have a .NET application that accesses an external website to retrieve data. The external website removed TLS 1.1 support and only supports the following TLS 1.2 cipher suites:

TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256

The application works fine when being run from Windows Server 2016 or later (including Win10) but is not able to access the external site when being run on Windows Server 2012 R2 or earlier versions. I understand Server 2008 is end of life but Server 2012 R2 should still be supported, I would think.

From what I understand, it appears these specific cipher suites are not available for Server 2012 R2. Will they ever be available, or is there some other way to have my application work with the existing available cipher suites?

Thank You

Windows Server 2012
C#

9 answers

  1. MrDoug 11 Reputation points
    2021-08-12T15:14:55.737+00:00

    I think the OS upgrade is needed. I've tested on newer OS and Windows 10 and everything works. Check out this page for supported versions: https://learn.microsoft.com/en-us/windows/win32/secauthn/cipher-suites-in-schannel

    Browsers seem to use their own code, but in my .NET app there is not much you can do.

    Good luck

    1 person found this answer helpful.

  2. Dave Patrick 426.1K Reputation points MVP
    2021-01-12T14:50:50.393+00:00

    Here's what's available:
    https://learn.microsoft.com/en-us/windows/win32/secauthn/tls-cipher-suites-in-windows-8-1

    This one shows how you can add them.
    https://www.howtogeek.com/221080/how-to-update-your-windows-server-cipher-suite-for-better-security/

    --please don't forget to Accept as answer if the reply is helpful--


  3. Dave Patrick 426.1K Reputation points MVP
    2021-01-12T15:53:20.093+00:00

    I'd check that Windows is fully patched; then they should be available (from a 2012 R2 server here):

    55797-image.png

    More info here.
    https://techcommunity.microsoft.com/t5/core-infrastructure-and-security/demystifying-schannel/ba-p/259233

    --please don't forget to Accept as answer if the reply is helpful--


  4. Rusty Short 16 Reputation points
    2021-01-12T16:25:31.527+00:00

    Once again, thanks for the reply. I'm terribly sorry if I'm missing something for this is definitely something that I'm not very familiar with. That article is very helpful in explaining the way they work, but it seems to address changing the order the ciphers are referenced or disabling specific ciphers, not adding a cipher that the OS does not already contain and support. I'm not sure how that would be done if it is not supported at the OS level. My previous understanding is the only way those are normally added is from a Windows Update.

    From information in that post, I searched and found this TechNet post:

    https://social.technet.microsoft.com/Forums/en-US/4cdae557-4992-4a7c-ad68-06554bf1b213/how-do-i-add-new-cipher-suiteslisted-below-to-windows-2012-r2-and-windows-2008-r2?forum=winserverPN

    Which seems to suggest it may not be possible.

    If you can direct me to steps on how to ADD new cipher suites, I would very much appreciate it.


  5. Dave Patrick 426.1K Reputation points MVP
    2021-01-12T19:18:20.237+00:00

    For this 2012 R2 they are there; I just had to scroll down a bit to find them.

    55814-image.png

    --please don't forget to Accept as answer if the reply is helpful--
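
Added example (not part of any answer in this thread, and not Microsoft's own code): a PowerShell check, run on the server itself, that reads the Schannel cipher suite list from the registry and reports whether the two suites named in the question are in it. The registry locations and the `_P<bits>` curve-suffix matching come from general Windows behaviour rather than from the thread, and `Get-ConfiguredSuite` is a hypothetical helper name.

```powershell
# Added example, not from the thread. Get-ConfiguredSuite is a hypothetical helper name.
# Suites the external site accepts, as listed in the question.
$required = @(
    'TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384',
    'TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256'
)

# Schannel cipher suite order: Group Policy value (comma-separated string)
# and the local default (multi-string). Both use the value name "Functions".
$policyKey  = 'HKLM:\SOFTWARE\Policies\Microsoft\Cryptography\Configuration\SSL\00010002'
$defaultKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Cryptography\Configuration\Local\SSL\00010002'

function Get-ConfiguredSuite {
    # A cipher suite order set by Group Policy overrides the local default list.
    $policy = (Get-ItemProperty -Path $policyKey -Name Functions -ErrorAction SilentlyContinue).Functions
    if ($policy) {
        $names = @($policy -split ',' | ForEach-Object { $_.Trim() } | Where-Object { $_ })
        return [pscustomobject]@{ Source = 'Group Policy'; Suites = $names }
    }
    $default = (Get-ItemProperty -Path $defaultKey -Name Functions -ErrorAction Stop).Functions
    return [pscustomobject]@{ Source = 'Local default'; Suites = @($default) }
}

$config = Get-ConfiguredSuite
Write-Output "Cipher suite list source: $($config.Source), $($config.Suites.Count) entries"

foreach ($name in $required) {
    # Windows 8.1 / Server 2012 R2 and earlier append the curve to ECDHE suite
    # names (for example ..._P256), so accept the bare name or name + _P<bits>.
    $pattern = '^' + [regex]::Escape($name) + '(_P\d+)?$'
    $position = 0
    $found = foreach ($suite in $config.Suites) {
        $position++
        if ($suite -match $pattern) {
            [pscustomobject]@{ Required = $name; ConfiguredAs = $suite; Position = $position }
        }
    }
    if ($found) { $found } else {
        [pscustomobject]@{ Required = $name; ConfiguredAs = '(not in list)'; Position = $null }
    }
}
```

The result shows how Schannel is configured, not what it implements: a name that the installed Schannel build does not support is ignored even when it appears in the list.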