Today I scanned one of our hosts and noticed that two protocols that I don't remember being weak two weeks ago, are now considered weak:
- TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 (
0x9f) DH 1024 bits (p: 128, g: 128, Ys: 128) FS
- TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 (
0x9e) DH 1024 bits (p: 128, g: 128, Ys: 128) FS WEAK
Is there any way to disable these cipher suites on Windows Server 2012 R2 (e.g. by excluding them from reordering?).