Ensure AES 256/256 cipher suite is enabled

AES 256/256 is the most recent and mature cipher suite for protecting the confidentiality and integrity of HTTP traffic. Enabling AES 256/256 is recommended. This is enabled by default on Server 2012 and 2012 R2.

To enable the AES 256/256 cipher:

  1. Ensure that the following key does not exist. If it does exist, you can either delete the key or proceed to step 2.
    HKLM\System\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\AES 256/256\
  2. If the key exists, ensure the following is set to 0xFFFFFFFF.
    HKLM\System\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\AES 256/256\Enabled
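
The two steps above can be checked with a script. The following is an added example, not part of the original guidance. It uses the .NET registry API because the PowerShell registry provider treats the "/" in "AES 256/256" as a path separator, so Test-Path and New-Item would address a different key. The function name Get-Aes256State, the state labels and the -Fix switch are assumptions made for this example.

```powershell
# Added example: audit (and with -Fix, correct) the SCHANNEL AES 256/256 setting.
# Run as a script file; writing to HKLM requires an elevated session.
param([switch]$Fix)

$subKey = 'System\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\AES 256/256'
$hklm   = [Microsoft.Win32.Registry]::LocalMachine

function Get-Aes256State {
    # Read-only open; returns $null when the key is absent (step 1 satisfied).
    $key = $hklm.OpenSubKey($subKey)
    if ($null -eq $key) { return 'KeyAbsent' }
    try {
        $value = $key.GetValue('Enabled', $null)
        if ($null -eq $value) { return 'EnabledValueMissing' }
        if ($key.GetValueKind('Enabled') -ne [Microsoft.Win32.RegistryValueKind]::DWord) {
            return 'EnabledWrongType'
        }
        # A REG_DWORD of 0xFFFFFFFF is returned by .NET as Int32 -1.
        if ([int]$value -eq -1) { return 'Enabled' }
        return ('EnabledIs0x{0:X8}' -f [int]$value)
    }
    finally { $key.Close() }
}

$state = Get-Aes256State
"AES 256/256 state: $state"

# Step 2: the key exists but Enabled is not 0xFFFFFFFF, so set it.
if ($Fix -and $state -notin 'KeyAbsent', 'Enabled') {
    $key = $hklm.OpenSubKey($subKey, $true)   # writable handle
    try {
        if ($state -eq 'EnabledWrongType') { $key.DeleteValue('Enabled') }
        $key.SetValue('Enabled', -1, [Microsoft.Win32.RegistryValueKind]::DWord)
    }
    finally { $key.Close() }
    "AES 256/256 state after fix: $(Get-Aes256State)"
}
```

A result of KeyAbsent or Enabled means the procedure above is already satisfied; any other result means step 2 has not been met.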