How to Update Cipher Suites in Windows Server
A cipher suite is a set of algorithms that help secure a network connection. Suites typically use Transport Layer Security (TLS) or its deprecated predecessor Secure Socket Layer (SSL). The set of algorithms that cipher suites usually contain include: a key exchange algorithm, a bulk encryption algorithm, and a message authentication code (MAC) algorithm.
The key exchange algorithm is used to exchange a key between two devices. This key is used to encrypt and decrypt the messages being sent between two machines. The bulk encryption algorithm is used to encrypt the data being sent. The MAC algorithm provides data integrity checks to ensure that the data sent does not change in transit. In addition, cipher suites can include signatures and an authentication algorithm to help authenticate the server and or client.
Open The RUN and Type gpedit.msc and hit Enter button
Group Policy Editor Page will open, here expand and go to SSL Cipher Suite Order location by below steps, Computer Configuration/Administrative Template/Network/SSL Configuration, double click on SSL Cipher Suite Order to open
Once SSL Cipher Suite Order page open, click on Enabled (by default it is in Not Configured).
Take the backup of All the Cipher Suites available under the Options as shown in below image, and keep the backup of Cipher Suites in safe place. (Copy all the Cipher Suites and paste it in Notepad).
After taking backup place/Enter the new Cipher Suites (Strong Cipher TLS 1.2/1.3), click on Apply and Ok button. After that Reboot the Server.
Note:
Before implementing the New Cipher Suites make sure that you have taken the data backup and also check whether your application supports these ciphers.
Some of the Strong Ciphers are below:
# TLS 1.3 (suites in server-preferred order)
TLS_AES_128_GCM_SHA256
TLS_AES_256_GCM_SHA384
# TLS 1.2 (suites in server-preferred order)
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256