SSL – Which ciphers satisfy the “Authenticated encryption (AEAD) cipher suites” SSL Labs test requirement

ssl ssl-certificate

I've run the SSL Labs test and it reports the warning "This server does not support Authenticated encryption (AEAD) cipher suites. Grade will be capped to B from March 2018."

Unfortunately, I have not found anywhere, including in the linked documentation, which ciphers are the ones that are missing.

What is meant by "Authenticated encryption (AEAD) cipher suites"?

The server runs Windows Server 2012 R2.

Best Answer

I'm currently working on the same problem myself and I'll link the answer here: Security Exchange AEAD suites

The gist of it is as follows: All the suites for Windows Server 2012 R2 are the AES GCM suites, like these:

  • TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384_P384
  • TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256_P256
  • TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256_P384
  • TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384_P384
  • TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256_P256
  • TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256_P384

If you didn't find it already, Microsoft has an SSL/TLS suite overview for all suites, default and non-default.
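To check a configured suite list against the SSL Labs AEAD requirement, each suite name can be parsed for its cipher mode. The following is an added example, not part of the original answer; it goes beyond GCM to cover the other AEAD modes (CCM and ChaCha20-Poly1305), and `parse_suite` and `split_by_aead` are hypothetical helper names. The input is the six suite names quoted above.

```python
import re

# AEAD modes are visible in the suite name: GCM, CCM (incl. CCM_8), ChaCha20-Poly1305.
# CBC suites pair a block cipher with a separate HMAC and are not AEAD.
AEAD_MARKERS = ("_GCM_", "_CCM", "CHACHA20_POLY1305")

# Schannel on Windows Server 2012 R2 appends the ECC curve to the IANA suite name.
CURVE_SUFFIX = re.compile(r"_(P256|P384|P521)$")

# The six names quoted in the answer above.
PAGE_SUITES = [
    "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384_P384",
    "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256_P256",
    "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256_P384",
    "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384_P384",
    "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256_P256",
    "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256_P384",
]

def parse_suite(name):
    """Split a suite name into its parts and flag whether it is AEAD."""
    name = name.strip().upper()
    m = CURVE_SUFFIX.search(name)
    iana = name[:m.start()] if m else name       # name without the curve suffix
    kx, sep, bulk = iana.partition("_WITH_")
    if sep:
        kx = kx.removeprefix("TLS_")             # e.g. ECDHE_ECDSA
    else:                                        # TLS 1.3-style: no key exchange part
        kx, bulk = None, iana.removeprefix("TLS_")
    return {
        "iana_name": iana,
        "key_exchange": kx,
        "bulk": bulk,                            # cipher, mode and hash
        "curve": m.group(1) if m else None,
        "aead": any(marker in iana for marker in AEAD_MARKERS),
    }

def split_by_aead(names):
    """Return (aead, non_aead) lists, preserving input order."""
    parsed = [(n, parse_suite(n)["aead"]) for n in names]
    return [n for n, a in parsed if a], [n for n, a in parsed if not a]

if __name__ == "__main__":
    aead, other = split_by_aead(PAGE_SUITES)
    print("AEAD:", *aead, sep="\n  ")
    print("Not AEAD:", *other, sep="\n  ")
```

At least one suite from the AEAD group has to be enabled and negotiable for the SSL Labs warning to clear.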