How to upgrade the cipher suite to a Windows Server 2012 R2 Standard

Hello,

installing the SSL certificates on my Windows Server 2012 R2 Standard with IIS 8.5 I found myself having the following message when I went to see the specifications of the certificate installed on the browser: "The connection to www.xxxxx.it is encrypted via an encryption package obsolete".

The certificate vendor told me that the problem was not in the certificate but in the system ciphers.

I was then suggested by the TechNet forum to install the certificates I found on the page

https://support.hostway.com/hc/en-us/articles/360000024630-Managing-Windows-Server-Cipher-Suites-

(which are the same ones that Microsoft recommends). I did the update but I did not have any results. The site's rating on SSL Test was always and everywhere C and I always had the message that the certificate was obsolete.

At that point, based on the results of reting, I disabled the SSL 3 service and deleted some encryption packages marked as weak. And so at last the installed ciphers were:

TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256_P384,

TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256_P256,

TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256_P256,

TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA_P384,

TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA_P256,

TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA_P384,

TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA_P256,

TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P384,

TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256,

TLS_DHE_DSS_WITH_AES_256_CBC_SHA256,

TLS_DHE_DSS_WITH_AES_256_CBC_SHA,

TLS_DHE_DSS_WITH_AES_128_CBC_SHA256,

TLS_DHE_DSS_WITH_AES_128_CBC_SHA,

TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA,

SSL_CK_DES_192_EDE3_CBC_WITH_MD5

A new test showed a global improvement in the situation, guaranteeing me a rank B with a significant increase in the level of the Protocol support. However, the Cipher streght still remains critical, as the site gives me the following warning: "This server does not support Authenticated encryption (AEAD) cipher suites." Grade capped to B. " which makes me think that it is an inherent problem of Windows Server 2012 R2, also because the original problem to date has not yet been solved, as the message on the use of obsolete cryptographic packages is still present.

Can you help me please?

Thank you