There are cases where the back-end server prefers a cipher suite that is not desirable for some reason, or it is not supported
( for example ECDHE cipher is not supported in reverse proxy deployment as of the writing of this KB, and there are servers that prefers ECDHE cipher if it is offered by the client). this KB goes over the steps on how to change this behavior from the web server side which runs newer versions of MS Windows OS.
In the newer versions of Windows ( Windows 7 , 8, 2008, and 2012) there is a GPO to activate or reorder any of the supported cipher suites, here are the steps:
1- open GPO snap-in ( start > run > mmc > add snap-in > GPO
2- browse to "Computer Configuration > Administrative Templates > Network > SSL Configuration setting
double click "SSL Cipher Suite Order
4-Cipher suites are in comma-separated format, and listed by order, reorder or remove as required and then click Apply/OK
gpupdate from command line to refresh GPO's on the server.
Imported Document ID: 000022903
Subscribing will provide email updates when this Article is updated. Login is required.
Thanks for your feedback. Let us know if you have additional comments below. (requires login)
Subscribed to the Article.
Unable to subscribe
Thanks for your additional feedback !!!
Enterprise Support Virtual Agent
Rate Me :
Tell us more:
Welcome! My name is Sami, the Enterprise Support Virtual Agent answering technical support questions.