Windows Logon Agent now only supports TLS1.2. The administrator may want to configure safer cipher suites for SSL connections.
The general way for an administrator to configure is to add or remove cipher suites in the registry editor. The path to do this is "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Cryptography\Configuration\Local\SSL\00010002" and configure ciphers for the multi-string value "Functions".
After changing the settings, the agent service needs to be restarted.
As the string definition of OpenSSL ciphers (we are using OpenSSL in our code) is different with the counterpart of RFC ciphers, we provide a mapper file "sslciphermap" under the installation folder for the program to check.
Use NMap tool to check if the configuration take effect on port 14284. Command line:
"nmap -sV --script ssl-enum-ciphers -p 14284 <host>"