{"id":9379,"date":"2023-07-17T23:41:16","date_gmt":"2023-07-17T21:41:16","guid":{"rendered":"https:\/\/michlstechblog.info\/blog\/?p=9379"},"modified":"2024-07-23T22:58:54","modified_gmt":"2024-07-23T20:58:54","slug":"windows-enable-schannel-verbose-logging-to-determine-ciphersuite","status":"publish","type":"post","link":"https:\/\/michlstechblog.info\/blog\/windows-enable-schannel-verbose-logging-to-determine-ciphersuite\/","title":{"rendered":"Windows: Enable SCHANNEL verbose logging to determine cipher suite"},"content":{"rendered":"<p>Hi,<\/p>\n<p>to determine which cipher suite a TLS connection uses, you can enable SCHANNEL logging.<br \/>\n<!--more--><br \/>\n<!-- https:\/\/learn.microsoft.com\/de-DE\/troubleshoot\/developer\/webapps\/iis\/health-diagnostic-performance\/enable-schannel-event-logging --><br \/>\nEnable logging (the value must be a REG_DWORD; 7 logs error, warning and informational events, the default is 1) and reboot the computer:<\/p>\n<pre class=\"brush: bash; title: ; notranslate\" title=\"\">\r\nD:\\&gt; reg add HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\SecurityProviders\\SCHANNEL \/v EventLogging \/t REG_DWORD \/d 7\r\n<\/pre>\n<p>After the reboot, each TLS connection is logged in detail to the System event log (this gets noisy, so set the value back to 1 once you have finished troubleshooting). For example:<\/p>\n<pre class=\"brush: plain; title: ; notranslate\" title=\"\">\r\nA TLS client handshake completed successfully. 
The negotiated cryptographic parameters are as follows.\r\n\r\n   Protocol version: TLS 1.2\r\n   CipherSuite: 0xC028\r\n   Exchange strength: 384 bits\r\n   Context handle: 0x2703f511720\r\n   Target name: my.TestServer.org\r\n   Local certificate subject name: \r\n   Remote certificate subject name: C=DE, S=Hetzles, O=my Company, CN=*.TestServer.org\r\n<\/pre>\n<p>To translate the CipherSuite hex number into the cipher suite name, use<\/p>\n<pre class=\"brush: powershell; title: ; notranslate\" title=\"\">\r\nPS D:\\&gt; &#x5B;system.array](Get-TlsCipherSuite) | ?{ $_.CipherSuite -eq 0xC028 }\r\nKeyType               : 0\r\nCertificate           : RSA\r\nMaximumExchangeLength : 65536\r\nMinimumExchangeLength : 0\r\nExchange              : ECDH\r\nHashLength            : 384\r\nHash                  : SHA384\r\nCipherBlockLength     : 16\r\nCipherLength          : 256\r\nBaseCipherSuite       : 49192\r\nCipherSuite           : 49192\r\nCipher                : AES\r\nName                  : TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384\r\nProtocols             : {771, 65277}\r\n<\/pre>\n<p>To list all cipher suites enabled on the system, use<\/p>\n<pre class=\"brush: powershell; title: ; notranslate\" title=\"\">\r\nPS D:\\&gt; &#x5B;system.array](Get-TlsCipherSuite) | Select-Object Name\r\n<\/pre>\n<p>The cipher suites can be restricted by a Group Policy:<\/p>\n<pre class=\"brush: plain; title: ; notranslate\" title=\"\">Computer Configuration\/Administrative Templates\/Network\/SSL Configuration Settings\/SSL Cipher Suite Order<\/pre>\n<p>In the registry, the resulting list can be found at:<\/p>\n<pre class=\"brush: plain; title: ; notranslate\" 
title=\"\">\r\n&#x5B;HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Cryptography\\Configuration\\SSL&#92;&#48;0010002]\r\n&quot;Functions&quot;=&quot;TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_DHE_RSA_WITH_AES_256_GCM_SHA384,TLS_DHE_RSA_WITH_AES_128_GCM_SHA256&quot;\r\n<\/pre>\n<p>Explanations of the various cipher suites can be found <a href=\"https:\/\/learn.microsoft.com\/en-us\/windows\/win32\/secauthn\/cipher-suites-in-schannel\" rel=\"noopener\" target=\"_blank\">here<\/a> and <a href=\"https:\/\/learn.microsoft.com\/en-us\/troubleshoot\/windows-server\/windows-security\/restrict-cryptographic-algorithms-protocols-schannel\" rel=\"noopener\" target=\"_blank\">here<\/a>.<\/p>\n<p>Michael<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Hi, to determine which cipher suite a TLS connection uses, you can enable SCHANNEL logging.<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[5],"tags":[1995,1994,1992,971,1062,1993,20],"class_list":["post-9379","post","type-post","status-publish","format-standard","hentry","category-windowsknowhow","tag-allowed-ciphersuites","tag-ciphername","tag-enable-logging","tag-hex","tag-schannel","tag-translate","tag-windows-2"],"amp_enabled":true,"_links":{"self":[{"href":"https:\/\/michlstechblog.info\/blog\/wp-json\/wp\/v2\/posts\/9379","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/michlstechblog.info\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/michlstechblog.info\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/michlstechblog.info\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/michlstechblog.info\/blog\/wp-json\/wp\/v2\/comments?post=9379"}],"version-h
istory":[{"count":13,"href":"https:\/\/michlstechblog.info\/blog\/wp-json\/wp\/v2\/posts\/9379\/revisions"}],"predecessor-version":[{"id":9816,"href":"https:\/\/michlstechblog.info\/blog\/wp-json\/wp\/v2\/posts\/9379\/revisions\/9816"}],"wp:attachment":[{"href":"https:\/\/michlstechblog.info\/blog\/wp-json\/wp\/v2\/media?parent=9379"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/michlstechblog.info\/blog\/wp-json\/wp\/v2\/categories?post=9379"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/michlstechblog.info\/blog\/wp-json\/wp\/v2\/tags?post=9379"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}