Microsoft KB Archive Search

Notice: This website is an unofficial Microsoft Knowledge Base (hereinafter KB) archive and is intended to provide a reliable access to deleted content from Microsoft KB. All KB articles are owned by Microsoft Corporation. Read full disclaimer for more details.

  1. Home
  2. Update adds new TLS cipher suites and changes cipher suite priorities in Windows 8.1 and Windows Server 2012 R2

Update adds new TLS cipher suites and changes cipher suite priorities in Windows 8.1 and Windows Server 2012 R2

View products that this article applies to.

Introduction

This article describes an update in which new TLS cipher suites are added and cipher suite priorities are changed in Windows RT 8.1, Windows 8.1, and Windows Server 2012 R2. All new cipher suites operate in Galois/counter mode (GCM), and two of them offer perfect forward secrecy (PFS) by using DHE key exchange together with RSA authentication.

↑ Back to the top

Resolution

Update information

To enable this feature, install update 2919355. For more information about how to obtain this update rollup package, click the following article number to view the article in the Microsoft Knowledge Base:

2919355 Windows RT 8.1, Windows 8.1, and Windows Server 2012 R2 Update April, 2014

↑ Back to the top

Status

Microsoft has confirmed that this is an update in the Microsoft products that are listed in the "Applies to" section.

↑ Back to the top

More Information

For more information about cipher suites, go to the following Microsoft website:
Cipher Suites in Schannel
What is PFS?
PFS is a property of key-agreement protocols that makes sure that a session key derived from a set of long-term keys will not be compromised if one of the long-term keys is compromised in the future.
For more information about PFS, go to the Wikipedia website.

New cipher suites
Cipher suiteFIPS mode enabledProtocolsExchangeEncryptionHash
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384YesTLS 1.2DHAESSHA384
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256YesTLS 1.2DHAESSHA256
TLS_RSA_WITH_AES_256_GCM_SHA384YesTLS 1.2RSAAESSHA384
TLS_RSA_WITH_AES_128_GCM_SHA256YesTLS 1.2RSAAESSHA256
New default priority order 
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P384
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P384
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA_P256
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA_P384
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA_P256
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA_P384
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
TLS_RSA_WITH_AES_256_GCM_SHA384
TLS_RSA_WITH_AES_128_GCM_SHA256
TLS_RSA_WITH_AES_256_CBC_SHA256
TLS_RSA_WITH_AES_128_CBC_SHA256
TLS_RSA_WITH_AES_256_CBC_SHA
TLS_RSA_WITH_AES_128_CBC_SHA
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384_P384
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256_P256
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256_P384
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384_P384
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256_P256
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256_P384
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA_P256
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA_P384
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA_P256
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA_P384
TLS_DHE_DSS_WITH_AES_256_CBC_SHA256
TLS_DHE_DSS_WITH_AES_128_CBC_SHA256
TLS_DHE_DSS_WITH_AES_256_CBC_SHA
TLS_DHE_DSS_WITH_AES_128_CBC_SHA
TLS_RSA_WITH_3DES_EDE_CBC_SHA
TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA
TLS_RSA_WITH_RC4_128_SHA
TLS_RSA_WITH_RC4_128_MD5
TLS_RSA_WITH_NULL_SHA256
TLS_RSA_WITH_NULL_SHA
SSL_CK_RC4_128_WITH_MD5
SSL_CK_DES_192_EDE3_CBC_WITH_MD5

↑ Back to the top

References

For more information about software update terminology, click the following article number to view the article in the Microsoft Knowledge Base:

824684 Description of the standard terminology that is used to describe Microsoft software updates

↑ Back to the top

Keywords: kb, kbqfe, kbfix, kbsurveynew, kbexpertiseadvanced

↑ Back to the top

Article Info
Article ID : 2929781
Revision : 1
Created on : 1/7/2017
Published on : 4/8/2014
Exists online : False
Views : 159