TLS Cipher Suites / Windows Schannel logging

If you are trying to validate which TLS cipher suites are being used by a Microsoft Windows system, these resources might be helpful:

Packet captures can be helpful as well, but maybe you are trying to determine which cipher suite is in use based on the four-digit representation that comes from Schannel logging within the Event Viewer. First, here is the list of all TLS cipher suites and their four-digit representations:

Next, to view TLS information, you must enable Schannel logging to a sufficient level:

The resulting output will be shown in the System Event log:

Now, which cipher suite is in use? You might be used to seeing a full description like this:


So which cipher suite is 0xC030? Reference the above IANA link, and match the values:
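
The matching step described above, as an added example that is not part of the original post: it normalises the registry's two-byte notation (`0xC0,0x30`) to the four-digit form Schannel logs (`0xC030`) and resolves the suite name from event text. The registry rows are a constructed excerpt in the IANA CSV's `Value`/`Description` layout, the event messages are constructed samples, and the `CipherSuite: 0x....` message wording is an assumption.

```python
import csv
import io
import re
from collections import Counter

# Constructed excerpt in the Value/Description layout of the IANA TLS Cipher
# Suites registry CSV (the real file has more columns and many more rows).
IANA_CSV = '''Value,Description
"0x00,0x1C-1D",Reserved to avoid conflicts with SSLv3
"0x00,0x2F",TLS_RSA_WITH_AES_128_CBC_SHA
"0x13,0x01",TLS_AES_128_GCM_SHA256
"0xC0,0x30",TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
'''

# Constructed Schannel-style messages; the exact wording is an assumption.
SAMPLE_EVENTS = [
    "A TLS server handshake completed successfully.\n Protocol version: TLS 1.2\n CipherSuite: 0xC030\n",
    "A TLS client handshake completed successfully.\n CipherSuite: 0x2f\n",
    "A TLS client handshake completed successfully.\n CipherSuite: 0x1301\n",
    "A fatal alert was received from the remote endpoint.",
]

VALUE_RE = re.compile(r"0x([0-9A-Fa-f]{2}),0x([0-9A-Fa-f]{2})")
SUITE_RE = re.compile(r"Cipher\s*Suite:\s*0x([0-9A-Fa-f]{1,4})\b", re.I)

def load_registry(csv_text):
    """Map 16-bit code -> name. IANA writes 0xC0,0x30; Schannel logs 0xC030."""
    table = {}
    for row in csv.DictReader(io.StringIO(csv_text)):
        m = VALUE_RE.fullmatch(row["Value"].strip())
        if m:  # range rows such as 0x00,0x1C-1D do not name a single suite
            table[int(m.group(1) + m.group(2), 16)] = row["Description"]
    return table

def resolve(message, table):
    """Return (normalised code, suite name), or None if no suite is logged."""
    m = SUITE_RE.search(message)
    if m is None:
        return None
    code = int(m.group(1), 16)  # also accepts values logged without leading zeros
    return f"0x{code:04X}", table.get(code, "not in loaded registry rows")

def tally(messages, table):
    """Count how often each negotiated suite appears across event messages."""
    hits = [resolve(msg, table) for msg in messages]
    return Counter(name for _, name in filter(None, hits))

if __name__ == "__main__":
    registry = load_registry(IANA_CSV)
    for text in SAMPLE_EVENTS:
        print(resolve(text, registry))
```
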