Versions Compared

Old Version 7

changes.mady.by.user Paul Ruvin

Saved on

compared with

New Version Current

changes.mady.by.user Paul Ruvin

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Supported Server Cipher(s): Preferred TLSv1.3 128 bits TLS_AES_128_GCM_SHA256 Curve 25519 DHE 253 Accepted TLSv1.3 256 bits TLS_AES_256_GCM_SHA384 Curve 25519 DHE 253 Accepted TLSv1.3 256 bits TLS_CHACHA20_POLY1305_SHA256 Curve 25519 DHE 253 Preferred TLSv1.2 256 bits ECDHE-RSA-AES256-GCM-SHA384 Curve 25519 DHE 253 Accepted TLSv1.2 128 bits ECDHE-RSA-AES128-GCM-SHA256 Curve 25519 DHE 253 Accepted TLSv1.2 256 bits ECDHE-RSA-AES256-SHA384 Curve 25519 DHE 253 Accepted TLSv1.2 128 bits ECDHE-RSA-AES128-SHA256 Curve 25519 DHE 253 Accepted TLSv1.2

The supported OpenSSL ciphers can be seen in https://docs.openssl.org/1.1.1/man1/ciphers/#tls-v12-cipher-suites

Seperate the Ciphers with a colon ":".

Windows Logon Agent Version 6.9.0125 build 1112 upwards already includes stong ciphers such as TLS_AES_256_GCM_SHA384:TLS_AES_128_GCM_SHA256:TLS_CHACHA20_POLY1305_SHA256, howver if additional ciphers are required, these can be created in the registry, as per example above.

256 bits AES256-GCM-SHA384 Accepted TLSv1.2 128 bits AES128-GCM-SHA256



Expand
titleFor Windows Logon Agent v6.x...

The general way for an administrator to configure is to add or remove cipher suites in the registry editor. The path to do this is "HKEY_LOCAL_MACHINE\SOFTWARE\Deepnet Security\DUAP\WIN" and configure ciphers for the multi-string REG_SZ values "TLS12Ciphers and TLS13Ciphers".

Supported Ci[phers are as follows:

Code Block


After changing the settings, the agent service needs to be restarted.

...