Cipher suits for TLS 1.2

Question

I have scan my website using https://www.ssllabs.com/ssltest/analyze.html and found that our sites has below cipher suites:

TLS 1.2 (suites in server-preferred order)

TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (0xc028) ECDH secp521r1 (eq. 15360 bits RSA) FS 256 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014) ECDH secp521r1 (eq. 15360 bits RSA) FS 256 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (0xc027) ECDH secp521r1 (eq. 15360 bits RSA) FS 128 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013) ECDH secp521r1 (eq. 15360 bits RSA) FS 128 TLS_RSA_WITH_AES_256_GCM_SHA384 (0x9d) WEAK 256 TLS_RSA_WITH_AES_128_GCM_SHA256 (0x9c) WEAK 128 TLS_RSA_WITH_AES_256_CBC_SHA256 (0x3d) WEAK 256 TLS_RSA_WITH_AES_256_CBC_SHA (0x35) WEAK 256 TLS_RSA_WITH_AES_128_CBC_SHA256 (0x3c) WEAK 128 TLS_RSA_WITH_AES_128_CBC_SHA (0x2f) WEAK 128 TLS_RSA_WITH_3DES_EDE_CBC_SHA (0xa) WEAK 112

But I want to change this cipher suits for TLS 1.2

So can anyone guide me that how to change cipher suites?

Why would you intentionally add weak suites that don't support forward secrecy? If a connecting client is out of date, update the client, don't downgrade the server... — Luke Joshua Park
I want to know that how to change cipher suites? and where this cipher suites are set? — user3231483

Prateek Shrivastava Prateek Shrivastava · Accepted Answer · 2018-05-02T09:00:14

If your Server is Windows then launch gpedit.msc:

Then Navigate to: Local Computer Policy > Administrative Templates > Network > SSL Configuration Settings -> SSL Cipher Suite Order

Obviously you will have to be Admin user.

Cipher suits for TLS 1.2

TLS 1.2 (suites in server-preferred order)

1 Answers