Tessando asked:

"Go To" Documentation for Certain Cipher Suites To Determine Usage on Windows Server 2016

I am attempting to apply best practices when it comes to the Cipher Suites that I allow to be present on some Windows 2016 servers (instances). I have downloaded and applied IIS Crypto, using the PCI 3.2 Template. This is a good place to start. 

There are six Cipher Suites that I don't know what they "do". [1] For example, on Qualys they list "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256" as an Android 9.0 Handshake simulation. That sort of thing. Then, based off that information, I'm choosing to keep or remove that Cipher Suite. 

I'm looking for documentation that would be relative to modern day browsers/servers. Do you have any "go to" places to determine what these Cipher Suites are used for?









arnold:

Please clarify what you mean.
Ciphers are used to Encrypt/Data between two ends.

The name is a difference in terms of key bit size, and ..

You may wish to check whether the SHA ones should be disabled.

You could use the to test your server side suitability/quality.
as well as use from a client, like a browser to test the available/suitability.

It also includes recommendations that I think your question implies.

You are misreading and misinterpreting the information.

Cipher and transport

Android in above is of a client system ....

Ciphers are negotiated between the client and the server along with the transport layer.
They commonly try to get the highest available to both.

The ciphers and TLS are standards available in different degrees to all systems and clients.

Point: the Android reference is not as significant as you seem to think.

It could very well have been pointing to any other client.

Each TLS level has ciphers that can be negotiated for that type of connection.
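
To illustrate the thread's point that a suite name describes algorithms rather than a particular client, here is an added Python example (not code from the thread or any participant) that decodes TLS 1.2-style suite names and models which suite a server would pick for a given client offer. The server-preference selection rule, `SERVER_ORDER` and `CLIENTS` are assumptions constructed for the example; they are not a real template or a real client's offer list.

```python
# Added example: decode TLS 1.2 suite names and model server-preference selection.
HASHES = ("SHA", "SHA256", "SHA384", "MD5")

def decode_suite(name):
    """Split a TLS_<kx>_WITH_<cipher>_<hash> name into its components."""
    if not name.startswith("TLS_") or "_WITH_" not in name:
        raise ValueError("not a TLS 1.2-style suite name: " + name)
    left, right = name[4:].split("_WITH_", 1)
    kx = left.split("_")
    cipher, _, digest = right.rpartition("_")
    if digest not in HASHES:
        raise ValueError("unexpected hash token in " + name)
    aead = "GCM" in cipher or "POLY1305" in cipher
    return {
        "key_exchange": kx[0],
        # A lone "RSA" means RSA does both key transport and authentication.
        "authentication": kx[-1],
        "cipher": cipher,
        # In AEAD suites the trailing hash is the PRF hash, not a record MAC.
        "integrity": "AEAD" if aead else "HMAC-" + digest,
        "forward_secrecy": kx[0] in ("ECDHE", "DHE"),
    }

def negotiate(server_order, client_offer):
    """Assumed policy: the first suite in the server's order that the client offers."""
    offered = set(client_offer)
    return next((s for s in server_order if s in offered), None)

# Constructed sample data: not a real template or a real client's offer list.
SERVER_ORDER = [
    "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
    "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    "TLS_RSA_WITH_AES_128_CBC_SHA",
]
CLIENTS = {
    "modern-client": ["TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
                      "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"],
    "legacy-client": ["TLS_RSA_WITH_3DES_EDE_CBC_SHA",
                      "TLS_RSA_WITH_AES_128_CBC_SHA"],
}

if __name__ == "__main__":
    for client, offer in CLIENTS.items():
        chosen = negotiate(SERVER_ORDER, offer)
        print(client, "->", chosen, decode_suite(chosen) if chosen else "handshake fails")
```

Removing `TLS_RSA_WITH_AES_128_CBC_SHA` from `SERVER_ORDER` makes the constructed legacy client's handshake fail, which is the trade-off a handshake simulation report surfaces for each listed client.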