0
votes

Thanks in advance for reading. I'm using Win Server 2012 R2 to dish out group policies.

I've created a GPO to define the SSL Cipher Suite Order under Policies > Admin Templates > Network > SSL Confugration Settings and have set it to "Enabled".

I'm using a list of strong cipher suites from Steve Gibsons website found here.

I've put them all on 1 long line as it states to do.

I've also manipulated a default registry value located at:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Cryptography\Configuration\Local\Default\00010002 

These are the same values I'm using from Gibsons site - on separate lines with no commas

My registry values change but I cannot get the SSL Configuration settings to display "Enabled"

Does anyone have insight on how to correct this issue?

1

1 Answers

0
votes

Also struggled with this problem. There's no need to manipulate the registry key. You'll get this GPO enabled only if the string is not longer than 1023 characters. See also https://support.microsoft.com/en-us/help/3161639

Hope this helps...