Newest MS14-066 Patch Resets Ciphers and Prioritization

Discussion created by cschum on Nov 18, 2014

I just installed the replacement MS14-066 patch on Server 2008 R2 and it reset my available cipher suites (i.e. enabled some I had previously disabled) and it also reprioritized them so that the ones capable of Forward Secrecy (FS) were not first.  As you may or may not know, if the FS cipher suites aren't prioritized first then you don't get the benefits of FS.


I just wanted to share so that if you installed the new patch you were aware that you needed to go back and make sure the ciphers you want are enabled, the ciphers you don't want are disabled and the prioritization of the enabled ciphers puts the ones capable of Forward Secrecy first on the list, so Forward Secrecy is actually used.


Also, I wanted to note that you don't have to enable the new ciphers MS released with the MS14-066 patch.  If you want to, great!  But if not, you aren't forced to use them.  Just use whatever you did before.