Dec 12 2017 01:53 PM
Hey Everybody,
Since we released an update to support TLS 1.1 and 1.2 on Server 2008 SP2 ( https://support.microsoft.com/en-us/help/4019276/update-to-add-support-for-tls-1-1-and-tls-1-2-in-wi... ) does anybody know if we have also released a an updated Cipher Suite support matrix for 2008 SP2? I believe it is basically bringing it up the same as Windows 7 but I cant confirm this or find any supporting documentation.
With the update released, I am looking for an updated version of this page ( https://msdn.microsoft.com/library/ff468651(vs.85).aspx ) for Server 2008 SP2.
Any input or a shove in the right direction would be helpful!
Thanks!
Feb 08 2018 08:13 AM
I really need this too - can't connect to SagePay as they don't support any of the existing ciphers.
Only their test servers are set up like that right now but soon they will roll out the changes to production.
Feb 08 2018 08:24 AM - edited Feb 08 2018 11:54 AM
Check the package details tab. KB4019276 has been replaced by newer updates.
Feb 08 2018 08:42 AM
I heard back from Support and the PG. Looks like the link for Cipher Suites used in Vista is also accurate for Server 2008 SP2 even though it does not say it. The other links surround Ciphers are going to be updated as well to reflect the changes with the updates for various OSes. But as for Server 2008 SP2, this link is applicable.
https://msdn.microsoft.com/en-us/library/windows/desktop/ff468651(v=vs.85).aspx
Feb 08 2018 10:03 AM
Ah, didn't see that it was updated, I'll install that and see if it adds some new ones.
Thank you both for your help.
Feb 08 2018 10:16 AM
Its not updated yet...but there shouldn't be any new Ciphers for 2008 SP2. It should be the same as the link for Vista. IF not, we got other issues :)
Feb 08 2018 11:28 AM
Oh.
That's not looking good for me - they're all SHA1.
The only ciphers that will be supported by SagePay are:
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
TLS_RSA_WITH_AES_256_GCM_SHA384
TLS_RSA_WITH_AES_128_GCM_SHA256
TLS_RSA_WITH_AES_256_CBC_SHA256
TLS_RSA_WITH_AES_128_CBC_SHA256
Guess we'll have to bite the bullet and move the application.