Click here to Skip to main content
15,355,050 members
Please Sign up or sign in to vote.
1.00/5 (1 vote)
I have few weak ciphers on my windows server 2012 but when I disable them my website stop working which is hosted on that server. Can anyone help me what should I do that my website should be working after removing these ciphers.

Here are my all weak ciphers.

TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (0xc028) ECDH secp256r1 (eq. 3072 bits RSA) FS WEAK 256
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (0xc027) ECDH secp256r1 (eq. 3072 bits RSA) FS WEAK 128
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014) ECDH secp256r1 (eq. 3072 bits RSA) FS WEAK 256
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013) ECDH secp256r1 (eq. 3072 bits RSA) FS WEAK 128
TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x39) DH 2048 bits FS WEAK 256
TLS_DHE_RSA_WITH_AES_128_CBC_SHA (0x33) DH 2048 bits FS WEAK 128

What I have tried:

I disabled all these weak ciphers but after that my application got break.
Updated 28-Jan-21 22:41pm

1 solution

It's not clear what you mean by your application breaking. But if you want to disable weak ciphers, the simplest option is to use the IIS Crypto tool:

Nartac Software - IIS Crypto[^]

You'll probably need to reboot your server after making changes.

You'll also need to make sure your client has at least one compatible cipher suite enabled. You can use an online scanner such as Qualys SSL Labs[^] to check for compatibility with most clients.
IamWsk 2-Feb-21 3:51am
Thank you, application breaking means my website stopped working after removing all weak ciphers even though I had the 2 strong ciphers.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

CodeProject, 20 Bay Street, 11th Floor Toronto, Ontario, Canada M5J 2N8 +1 (416) 849-8900