A couple of weeks ago i experienced an issue with Onedrive after updating Windows to version 21H1
Onedrive suddenly not signing in anymore. I experienced this on multiple systems.
After some research, i finally found out i was missing some Cipher Suites.
To solve this problem i had to clear multiple registry locations.
The cipher Suites i was missing were
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
TLS_DHE_RSA_WITH_AES_128_GCM_SHA25
The first registry location might contain a REG_SZ with the name Functions
Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Cryptography\Configuration\SSL\00010002
You can completely safely remove the Functions REG_SZ value
When removed the cipers are handled by the OS
The second location contains the enabled Ciphers, Ciphersuites, Hashes, KeyExchangeAlgorithms and Protocols
When you clear out all items below the OS uses it’s defaults
Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers
Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\CipherSuites
Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Hashes
Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\KeyExchangeAlgorithms
Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols
Alternatively you can download and run IIS Crypto if you like and run the best practice option.
But i noticed TLS1.0 was enabled when selecting best practice. Is this really best practice?
After the modifications the system needs to reboot.