Edit

TLS Cipher Suites in Windows 8.1

  • Article

Cipher suites can only be negotiated for TLS versions which support them. The highest supported TLS version is always preferred in the TLS handshake. For example, SSL_CK_RC4_128_WITH_MD5 can only be used when both the client and server do not support TLS 1.2, 1.1 & 1.0 or SSL 3.0 since it is only supported with SSL 2.0.

Availability of cipher suites should be controlled in one of two ways:

  • Default priority order is overridden when a priority list is configured. Cipher suites not in the priority list will not be used.
  • Allowed when application passes SCH_USE_STRONG_CRYPTO: The Microsoft Schannel provider will filter out known weak cipher suites when the application uses the SCH_USE_STRONG_CRYPTO flag. In Windows 8.1, RC4 cipher suites are filtered out.

Important

HTTP/2 web services fail with non-HTTP/2-compatible cipher suites. To ensure your web services function with HTTP/2 clients and browsers, see How to deploy custom cipher suite ordering.

 

FIPS-compliance has become more complex with the addition of elliptic curves making the FIPS mode enabled column in previous versions of this table misleading. For example, a cipher suite such as TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 is only FIPS-compliant when using NIST elliptic curves. To find out which combinations of elliptic curves and cipher suites will be enabled in FIPS mode, see section 3.3.1 of Guidelines for the Selection, Configuration, and Use of TLS Implementations.

Windows 8.1 and Windows Server 2012 R2 are updated by Windows Update by the update 2919355 applied which adds the new cipher suites and changes the priority order. The following cipher suites are enabled and in this priority order by default by the Microsoft Schannel Provider:

Cipher suite string Allowed by SCH_USE_STRONG_CRYPTO TLS/SSL Protocol Versions
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256
 Yes
 TLS 1.2
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P384
 Yes
 TLS 1.2
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256
 Yes
 TLS 1.2
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P384
 Yes
 TLS 1.2
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA_P256
 Yes
 TLS 1.2, TLS 1.1, TLS 1.0
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA_P384
 Yes
 TLS 1.2, TLS 1.1, TLS 1.0
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA_P256
 Yes
 TLS 1.2, TLS 1.1, TLS 1.0
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA_P384
 Yes
 TLS 1.2, TLS 1.1, TLS 1.0
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
 Yes
 TLS 1.2
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
 Yes
 TLS 1.2
TLS_DHE_RSA_WITH_AES_256_CBC_SHA
 Yes
 TLS 1.2, TLS 1.1, TLS 1.0
TLS_DHE_RSA_WITH_AES_128_CBC_SHA
 Yes
 TLS 1.2, TLS 1.1, TLS 1.0
TLS_RSA_WITH_AES_256_GCM_SHA384
 Yes
 TLS 1.2
TLS_RSA_WITH_AES_128_GCM_SHA256
 Yes
 TLS 1.2
TLS_RSA_WITH_AES_256_CBC_SHA256
 Yes
 TLS 1.2
TLS_RSA_WITH_AES_128_CBC_SHA256
 Yes
 TLS 1.2
TLS_RSA_WITH_AES_256_CBC_SHA
 Yes
 TLS 1.2, TLS 1.1, TLS 1.0
TLS_RSA_WITH_AES_128_CBC_SHA
 Yes
 TLS 1.2, TLS 1.1, TLS 1.0
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384_P384
 Yes
 TLS 1.2
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256_P256
 Yes
 TLS 1.2
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256_P384
 Yes
 TLS 1.2
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384_P384
 Yes
 TLS 1.2
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256_P256
 Yes
 TLS 1.2
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256_P384
 Yes
 TLS 1.2
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA_P256
 Yes
 TLS 1.2, TLS 1.1, TLS 1.0
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA_P384
 Yes
 TLS 1.2, TLS 1.1, TLS 1.0
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA_P256
 Yes
 TLS 1.2, TLS 1.1, TLS 1.0
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA_P384
 Yes
 TLS 1.2, TLS 1.1, TLS 1.0
TLS_DHE_DSS_WITH_AES_256_CBC_SHA256
 Yes
 TLS 1.2
TLS_DHE_DSS_WITH_AES_128_CBC_SHA256
 Yes
 TLS 1.2
TLS_DHE_DSS_WITH_AES_256_CBC_SHA
 Yes
 TLS 1.2, TLS 1.1, TLS 1.0
TLS_DHE_DSS_WITH_AES_128_CBC_SHA
 Yes
 TLS 1.2, TLS 1.1, TLS 1.0
TLS_RSA_WITH_3DES_EDE_CBC_SHA
 Yes
 TLS 1.2, TLS 1.1, TLS 1.0
TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA
 Yes
 TLS 1.2, TLS 1.1, TLS 1.0, SSL 3.0
TLS_RSA_WITH_RC4_128_SHA
 No
 TLS 1.2, TLS 1.1, TLS 1.0, SSL 3.0
TLS_RSA_WITH_RC4_128_MD5
 No
 TLS 1.2, TLS 1.1, TLS 1.0, SSL 3.0
TLS_RSA_WITH_NULL_SHA256
Only used when application explicitly requests.
 Yes
 TLS 1.2
TLS_RSA_WITH_NULL_SHA
Only used when application explicitly requests.
 Yes
 TLS 1.2, TLS 1.1, TLS 1.0, SSL 3.0
SSL_CK_RC4_128_WITH_MD5
Only used when application explicitly requests.
 No
 SSL 2.0
SSL_CK_DES_192_EDE3_CBC_WITH_MD5
Only used when application explicitly requests.
 Yes
 SSL 2.0

 

The following cipher suites are supported by the Microsoft Schannel Provider, but not enabled by default:

Cipher suite string Allowed by SCH_USE_STRONG_CRYPTO TLS/SSL Protocol versions
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P521
 Yes
 TLS 1.2
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P521
 Yes
 TLS 1.2
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA_P521
 Yes
 TLS 1.2, TLS 1.1, TLS 1.0
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA_P521
 Yes
 TLS 1.2, TLS 1.1, TLS 1.0
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384_P521
 Yes
 TLS 1.2
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256_P521
 Yes
 TLS 1.2
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384_P521
 Yes
 TLS 1.2
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256_P521
 Yes
 TLS 1.2
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA_P521
 Yes
 TLS 1.2, TLS 1.1, TLS 1.0
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA_P521
 Yes
 TLS 1.2, TLS 1.1, TLS 1.0
TLS_RSA_WITH_DES_CBC_SHA
 Yes
 TLS 1.2, TLS 1.1, TLS 1.0, SSL 3.0
TLS_RSA_EXPORT1024_WITH_RC4_56_SHA
 No
 TLS 1.2, TLS 1.1, TLS 1.0, SSL 3.0
TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA
 Yes
 TLS 1.2, TLS 1.1, TLS 1.0, SSL 3.0
TLS_RSA_EXPORT_WITH_RC4_40_MD5
 No
 TLS 1.2, TLS 1.1, TLS 1.0, SSL 3.0
TLS_RSA_WITH_NULL_MD5
 Yes
 TLS 1.2, TLS 1.1, TLS 1.0, SSL 3.0
TLS_DHE_DSS_WITH_DES_CBC_SHA
 Yes
 TLS 1.2, TLS 1.1, TLS 1.0, SSL 3.0
TLS_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA
 Yes
 TLS 1.2, TLS 1.1, TLS 1.0, SSL 3.0
SSL_CK_DES_64_CBC_WITH_MD5
 Yes
 SSL 2.0
SSL_CK_RC4_128_EXPORT40_WITH_MD5
 No
 SSL 2.0

 

To add cipher suites, use the group policy setting SSL Cipher Suite Order under Computer Configuration > Administrative Templates > Network > SSL Configuration Settings to configure a priority list for all cipher suites you want enabled.