I have two EDI servers, A and B. Trading Partners connect using TLS.
One trading partner cannot connect to server B, but can connect to server A.
The issue apparently is that the cipher suites on A are different than what is on B. The reason for this is that B has had Windows Updates applied, but not A.
So I would like to put all the cipher suites back on B that were there originally before the updates so that they are the same. This should allow the partner to connect successfully.
I have used SSLLabs to run a report on the cipher suites, and this is the list that is on A, but not B:
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 (0x9e)
TLS_RSA_WITH_AES_256_GCM_SHA384 (0x9d)
TLS_RSA_WITH_AES_128_GCM_SHA256 (0x9c)
TLS_RSA_WITH_RC4_128_MD5 (0x4)
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 (0x9f)
How do I enable/install these cipher suites?
This blog post covers how to add/remove cipher suites.
In a nutshell, there is a local computer policy setting called "SSL Configuration Settings" that determines the order of the suites used, as well as which are used.
There is also a free GUI tool that lets you add/remove cipher suites.
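To see where server B stands before changing anything, the read-only script below (an added example, not part of the original answer) compares the five suites from the question against the list written by the "SSL Cipher Suite Order" policy and against the suites the OS currently has enabled. It assumes the standard policy registry location and, for the enabled list, a Windows version that ships Get-TlsCipherSuite (Windows Server 2016 / Windows 10 or later); it also flags the RC4/MD5 suite, which RFC 7465 prohibits in TLS.

```powershell
# Added example: read-only audit, makes no changes to the server.
# Suites the SSL Labs report showed on server A but not on B (from the question).
$wanted = @(
    'TLS_DHE_RSA_WITH_AES_128_GCM_SHA256',
    'TLS_RSA_WITH_AES_256_GCM_SHA384',
    'TLS_RSA_WITH_AES_128_GCM_SHA256',
    'TLS_RSA_WITH_RC4_128_MD5',
    'TLS_DHE_RSA_WITH_AES_256_GCM_SHA384'
)

# Registry value written by the "SSL Cipher Suite Order" policy.
$policyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Cryptography\Configuration\SSL\00010002'

function Get-PolicyCipherSuites {
    $p = Get-ItemProperty -Path $policyKey -Name Functions -ErrorAction SilentlyContinue
    if (-not $p) { return @() }   # policy not configured: OS default order applies
    # Normally one comma-separated string; joining first also tolerates a multi-string.
    return @(($p.Functions -join ',') -split ',' |
             ForEach-Object { $_.Trim() } | Where-Object { $_ })
}

function Get-EffectiveCipherSuites {
    # Assumption: the TLS module cmdlets exist on this OS version.
    if (Get-Command Get-TlsCipherSuite -ErrorAction SilentlyContinue) {
        return @((Get-TlsCipherSuite).Name)
    }
    return $null                  # older OS: cannot query the enabled list this way
}

$policy    = @(Get-PolicyCipherSuites)
$effective = Get-EffectiveCipherSuites

$report = foreach ($suite in $wanted) {
    [pscustomobject]@{
        Suite        = $suite
        InPolicyList = if ($policy.Count) { $policy -contains $suite } else { 'policy not set' }
        Enabled      = if ($null -ne $effective) { $effective -contains $suite } else { 'unknown' }
        # RC4 is prohibited in TLS (RFC 7465) and MD5 is a broken hash:
        # leave this one off and have the partner negotiate one of the AES-GCM suites.
        Weak         = $suite -match 'RC4|MD5'
    }
}
$report | Format-Table -AutoSize
```

On the same Windows versions, Enable-TlsCipherSuite -Name <suite> turns on a suite that the report shows as not enabled; run the report on both servers so the comparison does not depend on an external scan.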