Whatever Cipher suite preference I choose on Server 2012 R2, I can't make both Google Chrome and SSLLabs.com happy.
I either get obsolete cryptography in Chrome or a Grade B on ssllabs.
When using IIS 10 on Server 2016 TP2, I can use the TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 cipher suite and get modern cryptographyand a Grade A.
I tried to add TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 to my 2012 R2 server, but that doesn't seem to work. Chrome and other clients just don't use it.
Is there a way to enable this on 2012 R2 or even 2008 R2, or are there any plans to support this in the future?