I have the following cipher suites enabled on Windows Server 2012 R2 server.
However, when I run SSL Labs test, the test discovers only the following cipher suites and the test reports This server does not support Authenticated encryption (AEAD) cipher suites. Grade will be capped to B from March 2018..
Why are the _GCM_ cipher suites missing in the test report? How to fix that?
Note: The web is delivered via IIS. Yeah, I have restarted the server. The GCM cipher suites should be the one that the AEAD message is talking about as of this answer.
Best Answer
You show various *ECDSA*GCM* ciphers as enabled. But these are all cipher suites which require an ECDSA certificate, i.e. with an ECC public key. My guess is that you instead use the more common RSA certificate which means that no ECDSA ciphers can be used. Instead you would need to enable *RSA*GCM* ciphers, for example
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256