I've struggled with this for a while; apparently Microsoft tends to cache the DH key and periodically regenerate it. This means it does not regenerate the key for every connection, improving performance (in their opinion).
To disable this, open the Registry Editor, where you can set the reuse time to 0, which forces a new key to be generated for every connection. Follow these steps:
- Navigate to HKLM\System\CurrentControlSet\Control\SecurityProviders\Schannel\KeyExchangeAlgorithms\ECDH
- In ECDH click New --> DWORD (32-bit) value
- Value name: EphemKeyReuseTime
- Value data: 0
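As an added example (not the answer author's own code), the same change scripted in PowerShell for an elevated session, with a read-back check so the result can be audited; it assumes the registry path and value name exactly as given in the steps above and that the ECDH key may not exist yet on a default install.

```powershell
# Added example: apply and verify the Schannel ECDH ephemeral-key reuse setting
# from the steps above. Run from an elevated PowerShell session.
# Assumption: path and value name are taken as given in the answer.
$path = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\Schannel\KeyExchangeAlgorithms\ECDH'
$name = 'EphemKeyReuseTime'

# Create the ECDH key if it is missing (a default install may not have it yet).
if (-not (Test-Path $path)) {
    New-Item -Path $path -Force | Out-Null
}

# Record the current state first so the change can be reviewed or rolled back.
$current = Get-ItemProperty -Path $path -Name $name -ErrorAction SilentlyContinue
if ($null -eq $current) {
    Write-Host "$name is not set; Schannel's default key reuse is in effect"
} else {
    Write-Host "$name is currently $($current.$name)"
}

# 0 = generate a fresh ephemeral ECDH key for every handshake.
New-ItemProperty -Path $path -Name $name -PropertyType DWord -Value 0 -Force | Out-Null

# Read the value back and fail loudly if it did not stick.
$after = (Get-ItemProperty -Path $path -Name $name).$name
if ($after -ne 0) {
    throw "Failed to set $name; value read back as $after"
}
# Schannel registry changes are generally only picked up after a reboot.
Write-Host "$name set to $after; reboot for Schannel to apply it"
```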