How to automate cipher string list ordering with group policy?

0

I'm trying to automate the adding of cipher suite strings with group policy as done in the last step of this post: https://vanbrenk.blogspot.com/2016/05/disable-ssl-30-weak-ciphers-and-enable.html

He uses a .reg file for TLS, so I'm guessing if it was possible to alter the cipher suite strings with a .reg file he would have done it. If it is, please let me know how.

If not possible with a .reg file, what about PowerShell 2.0?

user8897013

Posted 2019-04-20T00:34:27.653

Reputation: 11

Answers

0

Cipher suites can be set with a .reg file, since they have associated Registry keys and entries. See the article below.

https://support.microsoft.com/en-us/help/245030/how-to-restrict-the-use-of-certain-cryptographic-algorithms-and-protoc

What I would do is use IIS Crypto to set the cipher suites I need on the system, then export the content of the Ciphers key in a .reg file, take what I need, and use it to create a new .reg file that would be used on the targeted systems.

https://www.nartac.com/Products/IISCrypto/

Aura

Posted 2019-04-20T00:34:27.653

Reputation: 261

Good suggestion to use IIS Crypto to set it up and then export the key, however, the acceptable cipher list and its order is not preserved when importing the schannel keys. While it does set some registry keys associated with cipher suites, I'm not so sure this ordered list is actually stored in the registry. I think it is a part of the group policy. If so, is it possible to apply this cipher list string with a simple file? – user8897013 – 2019-04-24T08:05:41.777

What do you mean by the order is not preserved? In what order do you want them? Alphabetical? Category? – Aura – 2019-04-24T19:11:53.593

Sorry for the delay here. There is an ordering for which ciphers are used first over others for compatibility (so that stronger ones can be preferred). Are you not familiar with this aspect? – user8897013 – 2019-05-08T19:29:50.067
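
The ordered list discussed in this thread, written from PowerShell 2.0 as an added example that is not part of the original question, answer or comments. It assumes the registry location used by the "SSL Cipher Suite Order" policy setting (key path and value name below are not from the page); the suite list is a constructed sample and the function names are hypothetical.

```powershell
# Added example, not from the thread. Run elevated.
# Assumption: this is the key/value behind the "SSL Cipher Suite Order" policy setting.
$PolicyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Cryptography\Configuration\SSL\00010002'
$ValueName = 'Functions'

# Constructed sample, most preferred first. Replace with suite names that
# the target Windows version actually supports (older versions use suffixed names).
$Preferred = @(
    'TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384',
    'TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256',
    'TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384',
    'TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256'
)

function ConvertTo-CipherOrderString {
    param([string[]]$Suites)
    $seen  = @{}
    $clean = @()
    foreach ($s in $Suites) {
        $name = $s.Trim()
        if ($name -eq '') { continue }
        # Suite names are upper-case letters, digits and underscores only.
        if ($name -cnotmatch '^[A-Z0-9_]+$') { throw "Unexpected characters in suite name: '$name'" }
        if ($seen.ContainsKey($name)) { throw "Duplicate suite: $name" }
        $seen[$name] = $true
        $clean += $name
    }
    if ($clean.Count -eq 0) { throw 'Cipher suite list is empty.' }
    # The policy stores one comma-separated string; order in the string is the preference order.
    $joined = $clean -join ','
    if ($joined.Length -gt 1023) { throw "List is $($joined.Length) characters; the policy value is limited to 1023." }
    return $joined
}

function Set-CipherSuiteOrder {
    param([string[]]$Suites)
    $value = ConvertTo-CipherOrderString -Suites $Suites
    if (-not (Test-Path $PolicyKey)) { New-Item -Path $PolicyKey -Force | Out-Null }
    New-ItemProperty -Path $PolicyKey -Name $ValueName -Value $value -PropertyType String -Force | Out-Null
    # Read back and confirm the stored order is exactly what was requested.
    $stored = (Get-ItemProperty -Path $PolicyKey -Name $ValueName).$ValueName
    if ($stored -cne $value) { throw 'Stored value does not match the requested order.' }
    return $stored -split ','
}

Set-CipherSuiteOrder -Suites $Preferred   # outputs the suites in stored order
```

Schannel reads this value at startup, so restart the machine before testing the negotiated suite. A domain GPO that configures the same policy setting will overwrite the value at the next policy refresh.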