Tessando asked:

"Go To" Documentation for Certain Cipher Suites To Determine Usage on Windows Server 2016

I am attempting to apply best practices when it comes to the Cipher Suites that I allow to be present on some Windows 2016 servers (instances). I have downloaded and applied IIS Crypto, using the PCI 3.2 Template. This is a good place to start. 


There are six Cipher Suites that I don't know what they "do". [1] For example, on Qualys they list "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256" as an Android 9.0 Handshake simulation. That sort of thing. Then, based off that information, I'm choosing to keep or remove that Cipher Suite. 


I'm looking for documentation that would be relevant to modern-day browsers/servers. Do you have any "go to" places to determine what these Cipher Suites are used for?


Thanks!


[1]

TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384

TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256

TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384

TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256

TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA

TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA


8/22/2022 - Mon
arnold

Please clarify what you mean.
Ciphers are used to encrypt data between two ends.

The name is a difference in terms of key bit size, and ..

You may wish to check whether the SHA ones should be disabled.

You could use ssllabs.com to test your server-side suitability/quality,
as well as use ssllabs.com from a client, like a browser, to test the available/suitability.

It also includes recommendations that I think your question implies.
arnold

You are misreading and misinterpreting the information.

Cipher and transport

Android in above is of a client system ....

Ciphers are negotiated between the client and the server along with the transport layer.
They commonly try to get the highest available to both.

The ciphers and TLS are standards available in different degrees to all systems and clients.

Point: the Android reference is not as significant as you seem to think.

It could very well have been pointing to any other client.

Each TLS level has ciphers that can be negotiated for that type of connection.
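
As an added example (not part of the original thread), the six suite names from the question can be split into the parts the client and server negotiate: key exchange, certificate type, bulk cipher, mode and hash. The function names and the `cert_key_type` input are assumptions made for this sketch, and the parser only covers names of the form `TLS_<kx>_<auth>_WITH_...`.

```python
import re

SUITES = [  # the six suites listed in the question above
    "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
    "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
    "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384",
    "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256",
    "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA",
    "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA",
]

# TLS_<key exchange>_<authentication>_WITH_<cipher>_<bits>_<mode>_<hash>
_NAME = re.compile(
    r"^TLS_(?P<kx>[A-Z0-9]+)_(?P<auth>[A-Z0-9]+)_WITH_"
    r"(?P<cipher>[A-Z0-9]+)_(?P<bits>\d+)_(?P<mode>GCM|CBC)_(?P<hash>SHA\d*)$"
)

def parse_suite(name):
    """Split a suite name into its negotiated components."""
    m = _NAME.match(name)
    if m is None:
        raise ValueError("not in the TLS_<kx>_<auth>_WITH_... form: " + name)
    f = m.groupdict()
    f["bits"] = int(f["bits"])
    # GCM suites: the trailing hash is the TLS 1.2 PRF hash.
    # CBC suites: the trailing hash is the per-record HMAC; bare "SHA" means SHA-1.
    f["hash_role"] = "prf" if f["mode"] == "GCM" else "hmac"
    f["sha1_mac"] = f["hash"] == "SHA"
    # GCM and the CBC_SHA256/CBC_SHA384 suites are only defined for TLS 1.2.
    f["min_tls"] = "1.0" if f["sha1_mac"] else "1.2"
    return f

def review(names, cert_key_type):
    """Map each name to notes; cert_key_type is the server certificate's key type (assumed input)."""
    out = {}
    for name in names:
        f, notes = parse_suite(name), []
        if f["auth"] != cert_key_type:
            notes.append("never negotiated: needs an %s certificate" % f["auth"])
        if f["mode"] == "CBC":
            notes.append("CBC mode, not AEAD")
        if f["sha1_mac"]:
            notes.append("SHA-1 HMAC, usable from TLS 1.0")
        out[name] = notes
    return out

if __name__ == "__main__":
    for suite, notes in review(SUITES, "RSA").items():
        print(suite, "->", "; ".join(notes))
```

With `cert_key_type` set to `"RSA"`, every suite in the list is reported as never negotiated, because the `ECDSA` field in the name refers to the server certificate's key type.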