From Steve Riley site: Changing the SSL cipher order in Internet Explorer 7 on Windows Vista: Recently, the question of using AES for SSL has come up in the newsgroups and at some conferences. When IE makes an HTTPS connection to a web server, it offers a list of cipher supported cipher suites. The server then selects the first one from the list that it can match. The default order that IE follows is this: TLS_RSA_WITH_AES_128_CBC_SHATLS_RSA_WITH_AES_256_CBC_SHATLS_RSA_WITH_RC4_128_SHATLS_RSA_WITH_3DES_EDE_CBC_SHATLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA_P256TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA_P384TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA_P521TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA_P256TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA_P384TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA_P521TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA_P256TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA_P384TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA_P521TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA_P256TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA_P384TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA_P521TLS_DHE_DSS_WITH_AES_128_CBC_SHATLS_DHE_DSS_WITH_AES_256_CBC_SHATLS_DHE_DSS_WITH_3DES_EDE_CBC_SHATLS_RSA_WITH_RC4_128_MD5SSL_CK_RC4_128_WITH_MD5SSL_CK_DES_192_EDE3_CBC_WITH_MD5TLS_RSA_WITH_NULL_MD5TLS_RSA_WITH_NULL_SHA When you study the list, you’ll see that IE presents the algorithms in decreasing order of strength, but places the shorter bit-lengths first. Why? … Continue reading Changing the SSL cipher order in Internet Explorer 7 on Windows Vista