AnsweredAssumed Answered

Microsoft updated the cipher suites on Windows 7

Question asked by hellotls on Nov 11, 2014
Latest reply on Jan 8, 2015 by brihow

After installing today's patches. I found that the cipher suites, signature algorithms and elliptic curves on Windows 7 were updated. Document is here: Microsoft Security Bulletin MS14-066 - Critical

User Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko

signature algorithms: SHA512/RSA, SHA512/ECDSA, SHA256/RSA, SHA384/RSA, SHA1/RSA, SHA256/ECDSA, SHA384/ECDSA, SHA1/ECDSA, SHA1/DSA

Elliptic curves: secp521r1 added


Cipher Suites (in order of preference)
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (0xc028)   Forward Secrecy 256
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (0xc027)   Forward Secrecy 128
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014)   Forward Secrecy 256
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013)   Forward Secrecy 128
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 (0x9f)   Forward Secrecy 256
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 (0x9e)   Forward Secrecy 128
TLS_RSA_WITH_AES_256_GCM_SHA384 (0x9d) 256
TLS_RSA_WITH_AES_128_GCM_SHA256 (0x9c) 128
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 (0xc02c)   Forward Secrecy 256
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 (0xc02b)   Forward Secrecy 128
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 (0xc024)   Forward Secrecy 256
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 (0xc023)   Forward Secrecy 128
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA (0xc00a)   Forward Secrecy 256
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA (0xc009)   Forward Secrecy 128
TLS_RSA_WITH_AES_256_CBC_SHA256 (0x3d) 256
TLS_RSA_WITH_AES_128_CBC_SHA256 (0x3c) 128
TLS_RSA_WITH_AES_256_CBC_SHA (0x35) 256
TLS_RSA_WITH_AES_128_CBC_SHA (0x2f) 128
TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 (0x6a)   Forward Secrecy* 256
TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 (0x40)   Forward Secrecy* 128
TLS_DHE_DSS_WITH_AES_256_CBC_SHA (0x38)   Forward Secrecy* 256
TLS_DHE_DSS_WITH_AES_128_CBC_SHA (0x32)   Forward Secrecy* 128
TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA (0x13)   Forward Secrecy* 112
TLS_RSA_WITH_RC4_128_SHA (0x5) 128
TLS_RSA_WITH_RC4_128_MD5 (0x4) 128