Cipher Suites List - Order of strength

  • Question

  • What I would like to know is the correct order of strength from the strongest to the weakest for the Windows Server 2008 R2 Cipher Suites. The server selects the first one from the list that it can match. The default order is as follows:

    SSL2, SSL3, TLS 1.0 and TLS 1.1 cipher suites:

    TLS_RSA_WITH_AES_128_CBC_SHA                
    TLS_RSA_WITH_AES_256_CBC_SHA                
    TLS_RSA_WITH_RC4_128_SHA                    
    TLS_RSA_WITH_3DES_EDE_CBC_SHA               
    TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA_P256     
    TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA_P384     
    TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA_P521     
    TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA_P256     
    TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA_P384      
    TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA_P521
    TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA_P256   
    TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA_P384   
    TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA_P521   
    TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA_P256   
    TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA_P384   
    TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA_P521   
    TLS_DHE_DSS_WITH_AES_128_CBC_SHA            
    TLS_DHE_DSS_WITH_AES_256_CBC_SHA             
    TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA
    TLS_RSA_WITH_RC4_128_MD5                                      
    SSL_CK_RC4_128_WITH_MD5                     
    SSL_CK_DES_192_EDE3_CBC_WITH_MD5            
    TLS_RSA_WITH_NULL_SHA
    TLS_RSA_WITH_NULL_MD5                       

    TLS 1.2 SHA256 and SHA384 cipher suites:

    TLS_RSA_WITH_AES_128_CBC_SHA256
    TLS_RSA_WITH_AES_256_CBC_SHA256
    TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256
    TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P384
    TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P521
    TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256
    TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P384
    TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P521
    TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256_P256
    TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256_P384
    TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256_P521
    TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384_P384
    TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384_P521
    TLS_DHE_DSS_WITH_AES_128_CBC_SHA256
    TLS_DHE_DSS_WITH_AES_256_CBC_SHA256
    TLS_RSA_WITH_NULL_SHA256

    TLS 1.2 ECC GCM cipher suites:

    TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256_P256
    TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256_P384
    TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256_P521
    TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384_P384
    TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384_P521

    I just want to confirm that the algorithms are presented in decreasing order of strength, but with the shorter bit-lengths placed first?

    Thanks

    Thursday, March 27, 2014 11:42 AM
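
The first-match rule described in the question, shown as an added example that is not part of the original post: it parses the suite names, applies server-preference selection to the quoted default order, and compares the result with a reordered list. Suite names are treated as opaque tokens, the client offer is constructed, and the weakness criteria and the `hardened` ordering are assumptions of this example rather than Microsoft guidance.

```python
import re

# Constructed sample: a subset of the default order quoted in the question.
DEFAULT_ORDER = [
    "TLS_RSA_WITH_AES_128_CBC_SHA",
    "TLS_RSA_WITH_AES_256_CBC_SHA",
    "TLS_RSA_WITH_RC4_128_SHA",
    "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
    "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA_P256",
    "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA_P256",
    "TLS_RSA_WITH_RC4_128_MD5",
    "SSL_CK_RC4_128_WITH_MD5",
    "TLS_RSA_WITH_NULL_SHA",
]

SUITE_RE = re.compile(r"^TLS_(?P<kx>.+?)_WITH_(?P<cipher>.+)"
                      r"_(?P<hash>MD5|SHA\d*)(?:_(?P<curve>P\d+))?$")

def parse(name):
    """Split a TLS_* suite name into kx/cipher/hash/curve; None for SSL_CK_* (SSL 2.0)."""
    m = SUITE_RE.match(name)
    return m.groupdict() if m else None

def weaknesses(name):
    """Reasons to drop a suite (illustrative criteria chosen for this example)."""
    p = parse(name)
    if p is None:
        return ["SSL 2.0 suite"]
    c = p["cipher"]
    checks = [("NULL" in c, "no encryption"), ("RC4" in c, "RC4"),
              ("3DES" in c, "3DES"), (p["hash"] == "MD5", "MD5 MAC")]
    return [reason for hit, reason in checks if hit]

def negotiate(server_order, client_offer):
    """Server-preference selection: the first server entry the client also offers."""
    offered = set(client_offer)
    return next((s for s in server_order if s in offered), None)

def hardened(server_order):
    """Drop flagged suites, then prefer (EC)DHE key exchange and larger AES keys."""
    def rank(name):
        p = parse(name)
        m = re.search(r"AES_(\d+)", p["cipher"])
        return (0 if "DHE" in p["kx"] else 1, -(int(m.group(1)) if m else 0))
    return sorted((s for s in server_order if not weaknesses(s)), key=rank)

CLIENT = ["TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA_P256", "TLS_RSA_WITH_RC4_128_SHA"]  # constructed
if __name__ == "__main__":
    print(negotiate(DEFAULT_ORDER, CLIENT), "->", negotiate(hardened(DEFAULT_ORDER), CLIENT))
```

With this client offer, the default order selects the RC4 suite because it appears earlier in the list than the ECDHE AES-256 suite; position in the list, not strength, decides the outcome.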