Update adds new TLS cipher suites and changes cipher suite priorities in Windows 8.1 and Windows Server 2012 R2

Article ID: 2929781

Introduction

This article describes an update in which new TLS cipher suites are added and cipher suite priorities are changed in Windows RT 8.1, Windows 8.1, and Windows Server 2012 R2. All new cipher suites operate in Galois/counter mode (GCM), and two of them offer perfect forward secrecy (PFS) by using DHE key exchange together with RSA authentication.

Resolution

Update information

To enable this feature, install update 2919355. For more information about how to obtain this update rollup package, click the following article number to view the article in the Microsoft Knowledge Base:

2919355 Windows RT 8.1, Windows 8.1, and Windows Server 2012 R2 Update April, 2014

Status

Microsoft has confirmed that this is an update in the Microsoft products that are listed in the "Applies to" section.

More information

For more information about cipher suites, go to the following Microsoft website:
Cipher Suites in Schannel

What is PFS?

PFS is a property of key-agreement protocols that makes sure that a session key derived from a set of long-term keys will not be compromised if one of the long-term keys is compromised in the future.
For more information about PFS, go to the Wikipedia website.

New cipher suites

Cipher suite                          FIPS mode enabled   Protocols   Exchange   Encryption   Hash
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384   Yes                 TLS 1.2     DH         AES          SHA384
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256   Yes                 TLS 1.2     DH         AES          SHA256
TLS_RSA_WITH_AES_256_GCM_SHA384       Yes                 TLS 1.2     RSA        AES          SHA384
TLS_RSA_WITH_AES_128_GCM_SHA256       Yes                 TLS 1.2     RSA        AES          SHA256

New default priority order

TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P384
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P384
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA_P256
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA_P384
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA_P256
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA_P384
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
TLS_RSA_WITH_AES_256_GCM_SHA384
TLS_RSA_WITH_AES_128_GCM_SHA256
TLS_RSA_WITH_AES_256_CBC_SHA256
TLS_RSA_WITH_AES_128_CBC_SHA256
TLS_RSA_WITH_AES_256_CBC_SHA
TLS_RSA_WITH_AES_128_CBC_SHA
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384_P384
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256_P256
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256_P384
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384_P384
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256_P256
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256_P384
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA_P256
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA_P384
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA_P256
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA_P384
TLS_DHE_DSS_WITH_AES_256_CBC_SHA256
TLS_DHE_DSS_WITH_AES_128_CBC_SHA256
TLS_DHE_DSS_WITH_AES_256_CBC_SHA
TLS_DHE_DSS_WITH_AES_128_CBC_SHA
TLS_RSA_WITH_3DES_EDE_CBC_SHA
TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA
TLS_RSA_WITH_RC4_128_SHA
TLS_RSA_WITH_RC4_128_MD5
TLS_RSA_WITH_NULL_SHA256
TLS_RSA_WITH_NULL_SHA
SSL_CK_RC4_128_WITH_MD5
SSL_CK_DES_192_EDE3_CBC_WITH_MD5
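
The following Python sketch is an added example, not Microsoft code. It parses Schannel suite names from the list above and reports which entries give both PFS and GCM for a given certificate type, and which use legacy primitives. The embedded list is an excerpt of the order above, and the set of primitives flagged as legacy (RC4, NULL, DES/3DES, MD5, SSL 2.0) is this example's own assumption, not a statement from the article.

```python
import re

# Excerpt of the article's "New default priority order"; positions are within this excerpt.
PRIORITY_EXCERPT = [
    "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256",
    "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384",
    "TLS_RSA_WITH_AES_256_GCM_SHA384",
    "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384_P384",
    "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
    "TLS_RSA_WITH_RC4_128_MD5",
    "TLS_RSA_WITH_NULL_SHA",
    "SSL_CK_RC4_128_WITH_MD5",
]

_TLS = re.compile(r"^TLS_(?P<kx>.+?)_WITH_(?P<body>.+?)(?:_(?P<curve>P\d{3}))?$")
_HASHES = ("SHA384", "SHA256", "SHA", "MD5")  # longest first so SHA does not shadow SHA256
_LEGACY = ("RC4", "NULL", "DES")              # assumption: this example's own flag list

def classify(name):
    """Parse a Schannel suite name into its parts plus pfs/aead/legacy flags."""
    if name.startswith("SSL_CK_"):            # SSL 2.0 style: SSL_CK_<cipher>_WITH_<hash>
        cipher, _, mac = name[7:].partition("_WITH_")
        return dict(name=name, exchange=None, auth=None, cipher=cipher, hash=mac,
                    curve=None, pfs=False, aead=False, legacy=True)
    m = _TLS.match(name)
    mac = m and next((h for h in _HASHES if m["body"].endswith("_" + h)), None)
    if not mac:
        raise ValueError(f"unrecognised suite name: {name}")
    exchange, _, auth = m["kx"].partition("_")   # "DHE_RSA" -> DHE, RSA; "RSA" -> RSA, ""
    cipher = m["body"][: -len(mac) - 1]
    return dict(name=name, exchange=exchange, auth=auth or exchange, cipher=cipher,
                hash=mac, curve=m["curve"],
                pfs=exchange in ("DHE", "ECDHE"), aead="GCM" in cipher,
                legacy=mac == "MD5" or any(t in cipher for t in _LEGACY))

def pfs_aead_for(suites, auth):
    """1-based (position, name) of suites giving PFS and GCM for one certificate type."""
    parsed = [classify(s) for s in suites]
    return [(i, p["name"]) for i, p in enumerate(parsed, 1)
            if p["pfs"] and p["aead"] and p["auth"] == auth]

def legacy_suites(suites):
    """Suites that use a primitive on this example's legacy list, in priority order."""
    return [s for s in suites if classify(s)["legacy"]]

if __name__ == "__main__":
    print("RSA cert, PFS+GCM:", pfs_aead_for(PRIORITY_EXCERPT, "RSA"))
    print("legacy:", legacy_suites(PRIORITY_EXCERPT))
```

In the full list above, the only RSA-authenticated suites that combine PFS with GCM are the two new DHE_RSA entries, and they rank below the ECDHE_RSA CBC suites.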

References

For more information about software update terminology, click the following article number to view the article in the Microsoft Knowledge Base:

824684 Description of the standard terminology that is used to describe Microsoft software updates

Properties

Article ID: 2929781 - Last Review: April 8, 2014 - Revision: 1.0
Applies to
  • Windows 8.1 Enterprise
  • Windows 8.1 Pro
  • Windows 8.1
  • Windows RT 8.1
  • Windows Server 2012 R2 Datacenter
  • Windows Server 2012 R2 Essentials
  • Windows Server 2012 R2 Foundation
  • Windows Server 2012 R2 Standard
Keywords: 
kbqfe kbfix kbsurveynew kbexpertiseadvanced KB2929781
