MinEncryptionLevel = 4 and problems with Windows 8 RDP client (mstsc)
Here is a problem and a solution. It may be a bug in the Windows 8 RDP client.
Target server:
Server 2008-R2 Datacenter SP1
MinEncryptionLevel = 4
Client one:
Server 2008-R2 Enterprise SP1
MinEncryptionLevel = 3
Connection attempts work normally.
Client two:
Windows 8 Enterprise
MinEncryptionLevel = tried the possible values, including 3 and 4.
Connection attempts fail.
Solution:
Changing MinEncryptionLevel to 3 on the target server allows connections from Windows 8 (client two). This is not required to allow connections from the 2008-R2 client (client one) using the RDP 7.1 client. Changing the SecurityLayer and UserAuthentication values on client 2 made no difference until after the MinEncryptionLevel value on the target server was reduced to 3.
Question:
Is this a bug in Windows 8? Does FIPS-compatible crypto need to be enabled on Windows 8 Enterprise?
Thanks!
Hello TP:
First of all, thank you for replying and testing this; I appreciate the time spent very much.
The problem is resolved. The "SSL Cipher Suite Order" on the Windows 8 client had been modified through Group Policy to deal with the BEAST attack against SSL and TLS 1.0. The change removed the TLS 1.0 symmetric ciphers except RC4, and RC4 is not a FIPS-compliant cipher like AES (even though RC4 resists the BEAST attack and AES/3DES do not).
Unfortunately, this has revealed a different shortcoming in RDP, namely, that it does not support TLS 1.1 or 1.2. To Microsoft's credit, TLS 1.1 and 1.2 are supported in IE, and not in Firefox or Chrome, but apparently RDP does not support TLS 1.1/1.2.
It appears RDP is hard-coded to accept RSA-3DES-SHA1 too, not AES where supported (modern Intel CPUs have special instruction sets to accelerate AES, but not 3DES, for performance).
Hopefully these security shortcomings will be fixed soon.
Again, thank you!
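
The mismatch described in the reply above, as an added example that is not part of the original thread: a check of a client's "SSL Cipher Suite Order" string against a listener at MinEncryptionLevel 4. The function names, the sample policy strings and the assumption that the FIPS-level listener accepts only TLS_RSA_WITH_3DES_EDE_CBC_SHA (taken from the poster's observation, not from documentation) are constructed for illustration.

```python
# Added example; constants and sample policies below are constructed.
FIPS_LEVEL = 4  # MinEncryptionLevel: 1=Low, 2=Client Compatible, 3=High, 4=FIPS

# Assumption from the poster's observation, not from documentation:
# at level 4 the RDP listener negotiated only RSA-3DES-SHA1.
RDP_FIPS_SUITES = frozenset({"TLS_RSA_WITH_3DES_EDE_CBC_SHA"})

# Suite-name tokens that mark a non-FIPS algorithm (RC4 is the one at issue).
NON_FIPS_TOKENS = frozenset({"RC4", "RC2", "DES", "NULL", "MD5"})

# Constructed sample policy strings (comma-separated, highest priority first).
RC4_ONLY_POLICY = "TLS_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_RC4_128_MD5"
MIXED_POLICY = ("TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_3DES_EDE_CBC_SHA,"
                "TLS_RSA_WITH_RC4_128_SHA")


def parse_suite_order(policy_value):
    """Split the policy string into normalised suite names, order preserved."""
    return [s.strip().upper() for s in policy_value.split(",") if s.strip()]


def is_fips_candidate(suite):
    """True if no token of the suite name names a non-FIPS algorithm."""
    return NON_FIPS_TOKENS.isdisjoint(suite.split("_"))


def diagnose(policy_value, server_min_level, server_suites=RDP_FIPS_SUITES):
    """Return (ok, usable_suites, reason) for a client policy and server level."""
    offered = parse_suite_order(policy_value)
    if server_min_level < FIPS_LEVEL:
        # Below FIPS level the RC4-only client connected in the thread.
        return bool(offered), offered, "server below FIPS level"
    usable = [s for s in offered if is_fips_candidate(s) and s in server_suites]
    if usable:
        return True, usable, "client offers a suite the FIPS listener accepts"
    non_fips = [s for s in offered if not is_fips_candidate(s)]
    return False, [], "no FIPS-usable suite; non-FIPS offered: " + ", ".join(non_fips)


if __name__ == "__main__":
    for name, policy in (("rc4-only", RC4_ONLY_POLICY), ("mixed", MIXED_POLICY)):
        for level in (3, 4):
            print(name, level, diagnose(policy, level))
```

On a real client the string to check is the value configured by the "SSL Cipher Suite Order" Group Policy setting.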