Update to add new cipher suites to Internet Explorer and Microsoft Edge in Windows

Note: The Internet Explorer 11 desktop application will be retired and go out of support on June 15, 2022 (for a list of what's in scope, see the FAQ). The same IE11 apps and sites you use today can open in Microsoft Edge with Internet Explorer mode. Learn more here.

About this update

This article describes an update in which new TLS cipher suites are added and cipher suite default priorities are changed in Windows RT 8.1, Windows 8.1, Windows Server 2012 R2, Windows 7, or Windows Server 2008 R2. These new cipher suites improve compatibility with servers that support a limited set of cipher suites.

Note This is changing the default priority list for the cipher suites. If you have deployed a Group Policy in your environment that has an updated cipher suite priority ordering, this update won't affect those computers where the Group Policy is deployed.

How to get this update

To get this feature, install one of the following update rollups based on your operating system:

Status

Microsoft has confirmed that this is an update in the Microsoft products that are listed in the "Applies to" section.

References

Learn about the terminology that Microsoft uses to describe software updates.

More information

For more information about cipher suites, see Cipher Suites in Schannel.

Cipher suite

FIPS mode enabled

Protocols

Exchange

Encryption

Hash

TLS_DHE_RSA_WITH_AES_128_CBC_SHA

Yes

TLS 1.2, TLS 1.1, TLS 1.0

DHE

AES

SHA1

TLS_DHE_RSA_WITH_AES_256_CBC_SHA

Yes

TLS 1.2, TLS 1.1, TLS 1.0

DHE

AES

SHA1



TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P384
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P384
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA_P256
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA_P384
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA_P256
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA_P384
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
TLS_DHE_RSA_WITH_AES_256_CBC_SHA
TLS_DHE_RSA_WITH_AES_128_CBC_SHA
TLS_RSA_WITH_AES_256_GCM_SHA384
TLS_RSA_WITH_AES_128_GCM_SHA256
TLS_RSA_WITH_AES_256_CBC_SHA256
TLS_RSA_WITH_AES_128_CBC_SHA256
TLS_RSA_WITH_AES_256_CBC_SHA
TLS_RSA_WITH_AES_128_CBC_SHA
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384_P384
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256_P256
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256_P384
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384_P384
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256_P256
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256_P384
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA_P256
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA_P384
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA_P256
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA_P384
TLS_DHE_DSS_WITH_AES_256_CBC_SHA256
TLS_DHE_DSS_WITH_AES_128_CBC_SHA256
TLS_DHE_DSS_WITH_AES_256_CBC_SHA
TLS_DHE_DSS_WITH_AES_128_CBC_SHA
TLS_RSA_WITH_3DES_EDE_CBC_SHA
TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA
TLS_RSA_WITH_RC4_128_SHA
TLS_RSA_WITH_RC4_128_MD5
TLS_RSA_WITH_NULL_SHA256
TLS_RSA_WITH_NULL_SHA
SSL_CK_RC4_128_WITH_MD5
SSL_CK_DES_192_EDE3_CBC_WITH_MD5




To configure the SSL Cipher Suite Order Group Policy setting, follow these steps:

  1. At a command prompt, enter gpedit.msc, and then press Enter. The Local Group Policy Editor is displayed.

  2. Go to Computer Configuration > Administrative Templates > Network > SSL Configuration Settings.

  3. Under SSL Configuration Settings, select SSL Cipher Suite Order.

  4. In the SSL Cipher Suite Order pane, scroll to the bottom.

  5. Follow the instructions that are labeled How to modify this setting.

Notes

  • You have to restart the computer after you change this setting for the changes to take effect.

  • The list of cipher suites is limited to 1,023 characters.

  • Using Group Policy as described here is the supported method of updating the cipher suite priority ordering. Updating the registry settings for the default priority ordering isn't supported. If you change these registry settings, this update will reset them to the default settings.

Need more help?

Expand your skills
Explore Training
Get new features first
Join Microsoft Insiders

Was this information helpful?

What affected your experience?

Any additional feedback? (Optional)

Thank you for your feedback!

×