AnsweredAssumed Answered

how to disable TLS_RSA_WITH_AES in windows

Question asked by Bart Kock on Feb 26, 2019
Latest reply on Feb 28, 2019 by Bart Kock

Hello,
I'm trying to fix my Cipher suite validation on:
SSL Server Test (Powered by Qualys SSL Labs) 

the validation says that the following ciphers ar weak:

TLS_RSA_WITH_AES_256_GCM_SHA384 (0x9d)   WEAK     256
TLS_RSA_WITH_AES_128_GCM_SHA256 (0x9c)   WEAK     128
TLS_RSA_WITH_AES_256_CBC_SHA256 (0x3d)   WEAK     256
TLS_RSA_WITH_AES_128_CBC_SHA256 (0x3c)   WEAK     128
TLS_RSA_WITH_AES_256_CBC_SHA (0x35)   WEAK     256
TLS_RSA_WITH_AES_128_CBC_SHA (0x2f)   WEAK
so I disabled the with IISCrypto, Still have to investigate how this works in regedit.
but when I disable those cipher suites. and only those, my grade changes from an A+ to a B

because: "This server does not support Authenticated encryption (AEAD) cipher suites. Grade capped to B."

 

however I never touched AEAD, what am I doing wrong?

Outcomes