question

SylvainCrouet-3868 avatar image
0 Votes"
SylvainCrouet-3868 asked SylvainCrouet-3868 answered

ECDHE_ECDSA cipher suites with GCM enabled but not proposed externally

Hello,

I have a fully patched Windows 2012 R2 server with IIS 8.5 as reverse-proxy.
I enabled several ECDHE_ECDSA cipher suites with GCM:
79277-2021-03-18-17h45-57.png

But the Qualys SSL Server test sees only one:
79297-2021-03-18-17h48-00.png

Can someone help me find a solution to have all enabled ECDHE_ECDSA cipher suites with GCM appear?

windows-server
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

SylvainCrouet-3868 avatar image
0 Votes"
SylvainCrouet-3868 answered

Hi,

Thanks to Azure support, I discovered that it's related to the ECC key length. For example, with a 256-bits key, only cipher suites ending with P256 can be used. Thus, to use AES_256_GCM suites, I need a 384- or 521-bits key.

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

KarlieWeng-MSFT avatar image
0 Votes"
KarlieWeng-MSFT answered

Hello @SylvainCrouet-3868


Currently in Microsoft Q&A we support: https://docs.microsoft.com/en-us/answers/products/

Please post your issue in StackOverflow. Users there are more familiar with this issue and are better at solving it.

Stack Overflow is an open community for anyone that codes. We help you get answers to your toughest coding questions, share knowledge with your coworkers in private, and find your next dream job.

Best Regards
Karlie


If the Answer is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

SylvainCrouet-3868 avatar image
0 Votes"
SylvainCrouet-3868 answered
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

SylvainCrouet-3868 avatar image
0 Votes"
SylvainCrouet-3868 answered KarlieWeng-MSFT commented

Well, StackOverflow doesn't accept my question because it's about "networking-related infrastructure administration". And it is, indeed.
Would it be possible to move my question to the correct topic? Maybe the windows-server-infrastructure?

· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Hi

I have a trick about the tag, if you are not sure what's the tag should be , just type keywords in this link https://docs.microsoft.com/en-us/answers/index.html, and check what others have given. if no similiar issue, then the question may not support in this forum. :)

83799-image.png


0 Votes 0 ·
image.png (109.2 KiB)
SylvainCrouet-3868 avatar image
0 Votes"
SylvainCrouet-3868 answered

Hi,

My question is not about a connection from the Windows server like RustyShort-9392, but to it. Thus, maybe we can change the tag for "windows-server-2012".

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.