Stephan Peijnik-Steinwender
If you modified cipher suites on that server (i.e. using IIS Crypto, or directly using the registry keys as described in KB 245030), the script will not work. Prominent warnings...
I just updated the script and added detection for Windows Server 2012 or later and Windows Server 2012 R2 specifically (if testing is conducted against IIS running on port 443)....
Let me comment on that as well. @azet Those cipher suites have been _added_ with the patch set that fixes the vulnerability, according to Microsoft. In a default configuration those...
@users21 Any chance this server is behind some sort of SSL offloading mechanism? Did you try checking against the default RDP port yet (3389)? A false-negative looks weird, especially as...
@users21 Could not reproduce that here. Are you sure those cipher names are _exactly_ the same? i.e. DHE-**RSA**-AES256-GCM-SHA384 (which was added by the security fixes) is not the same cipher...
You were right in the first place. Windows Server 2012 R2 does support those ciphers regardless of whether 2992611 is applied or not. Seems like the documentation of that patch...
It is possible that your OpenSSL version does not support those ciphers. Could you please update to the latest version of this script that I just pushed and report back...