Support for SSL/TLS protocols on Windows
https://blogs.msdn.microsoft.com/kaushal/2011/10/02/support-for-ssltls-protocols-on-windows/
Support for SSL/TLS protocols on Windows
***********Updated on 4th October 2017***********
NOTE: Support for TLS 1.1 and TLS 1.2 is now available in Windows Server 2008 SP2. Install the following update: Update to add support for TLS 1.1 and TLS 1.2 in Windows Server 2008 SP2 |
Secure Socket Layer (SSL) and its successor Transport Layer Security (TLS) are protocols which use cryptographic algorithms to secure the communication between 2 entities. It is just a secure layer running on top of HTTP.
|
Overview of SSL Protocol Stack
Several versions of SSL have been released after its advent in 1995 (SSL 2.0 by Netscape communications, SSL 1.0 was never released). Here is the list:
- SSL 1.0, 2.0 and 3.0
- TLS 1.0 (or SSL 3.1, released in 1999)
- TLS 1.1 (or SSL 3.2, released in 2006)
- TLS 1.2 (or SSL 3.3, released in 2008)
SSL was changed to TLS when it was handed over to IETF for standardizing the security protocol layer in 1999. After making few changes to SSL 3.0, IETF released TLS 1.0. TLS 1.0 is being used by several web servers and browsers till date. What I have never understood, is there have been newer versions released after this, with the latest being TLS 1.2 released in 2008.
On Windows the support for SSL/TLS protocols is tied to the SCHANNEL component. So, if a specific OS version doesn’t support a SSL/TLS version, this means it remains unsupported.
All the windows components/applications abide by this rule and can support only those protocols which are supported at the OS level. For e.g.: IIS and Internet Explorer. |
Below table should give you a good understanding of what protocols are supported on Windows OS.
Windows OS Version | SSL 2.0 | SSL 3.0 | TLS 1.0 | TLS 1.1 | TLS 1.2 |
---|---|---|---|---|---|
Windows XP & Windows Server 2003 | ✓ | ✓ | ✓ | X | X |
Windows Vista & Windows Server 2008 | ✓ | ✓ | ✓ | ✓ | ✓ |
Windows 7 & Windows Server 2008 R2 | ✓ | ✓ | ✓ | ✓ | ✓ |
Windows 8 & Windows Server 2012 | ✓ | ✓ | ✓ | ✓ | ✓ |
Windows 8.1 & Windows Server 2012 R2 | ✓ | ✓ | ✓ | ✓ | ✓ |
Windows 10 & Windows Server 2016 | ✓ | ✓ | ✓ | ✓ | ✓ |
TLS 1.1 & TLS 1.2 are enabled by default on post Windows 8.1 releases. Prior to that they were disabled by default. So the administrators have to enable the settings manually via the registry. Refer this article on how to enable this protocols via registry: https://support.Microsoft.com/en-us/kb/187498
On the client side, you can check this in the browser settings. If you are using IE on any of the supported Windows OS listed above, then in IE, browse to Tools -> Internet Options -> Advanced. Under the Security section, you would see the list of SSL protocols supported by IE. IE supports only those security protocol versions, which is supported by the underlying SCHANNEL component of the OS.
TLS settings in IE on Windows 10
Chrome supports whatever IE supports. If you intend to check the support in Firefox, then enter the text “about:config” in the browser address bar and then enter TLS in the search bar as shown below.
TLS Settings on Firefox v47
The settings security.tls.version.max specifies the maximum supported protocol version and security.tls.version.min specifies the minimum supported protocol version . They can take any of the below 4 values:
- 0 – SSL 3.0
- 1 – TLS 1.0 (This is the current default for the minimum required version.)
- 2 – TLS 1.1
- 3 – TLS 1.2 (This is the current default for the maximum supported version.)
NOTE: The behavior is undefined if security.tls.version.min is larger than the security.tls.version.max value. |
Support for SSL/TLS protocols on Windows的更多相关文章
- SSL & TLS & STARTTLS
https://www.fastmail.com/help/technical/ssltlsstarttls.html SSL vs TLS vs STARTTLS There's often qui ...
- 理解SSL/TLS协议
理解SSL/TLS协议 背景 早期我们在访问web时使用HTTP协议,该协议在传输数据时使用明文传输,明文传输带来了以下风险: 1.信息窃听风险,第三方可以获取通信内容 2.信息篡改风险,第三方可以篡 ...
- SSL/TLS 配置
Quick Start 下列说明将使用变量名 $CATALINA_BASE 来表示多数相对路径所基于的基本目录.如果没有为 Tomcat 多个实例设置 CATALINA_BASE 目录,则 $CATA ...
- SSL/TLS算法流程解析
SSL/TLS 早已不是陌生的词汇,然而其原理及细则却不是太容易记住.本文将试图通过一些简单图示呈现其流程原理,希望读者有所收获. 一.相关版本 Version Source Description ...
- .NET Core下使用gRpc公开服务(SSL/TLS)
一.前言 前一阵子关于.NET的各大公众号都发表了关于gRpc的消息,而随之而来的就是一波关于.NET Core下如何使用的教程,但是在这众多的教程中基本都是泛泛而谈,难以实际在实际环境中使用,而该篇 ...
- SSL/TLS 高强度加密: 常见问题解答
关于这个模块 mod_ssl 简史 mod_ssl会受到Wassenaar Arrangement(瓦森纳协议)的影响吗? mod_ssl 简史 mod_ssl v1 最早在1998年4月由Ralf ...
- [译]使用AES 256以达到SSL/TLS安全最大化
原文链接:https://luxsci.com/blog/256-bit-aes-encryption-for-ssl-and-tls-maximal-security.html 原文发表时间:201 ...
- 彻底解决:请求被中止: 未能创建 SSL/TLS 安全通道
最近有个项目要调用客户用java写的带https的webservice,对方提供了证书文件 test.pfx,我这里调用方式如下: //webservice代理类 SvcService svc = n ...
- MINA、Netty、Twisted一起学(十一):SSL/TLS
什么是SSL/TLS 不使用SSL/TLS的网络通信,一般都是明文传输,网络传输内容在传输过程中很容易被窃听甚至篡改,非常不安全.SSL/TLS协议就是为了解决这些安全问题而设计的.SSL/TLS协议 ...
随机推荐
- P4211 [LNOI2014]LCA
P4211 [LNOI2014]LCA 链接 分析: 首先一种比较有趣的转化是,将所有点到1的路径上都+1,然后z到1的路径上的和,就是所有答案的deep的和. 对于多次询问,要么考虑有把询问离线,省 ...
- SQL Server 中SELECT INTO 和 INSERT INTO SELECT 两种表复制语句
1.INSERT INTO SELECT语句 语句形式为:Insert into Table2(field1,field2,...) select value1,value2,... from Tab ...
- Oracle保存带&的数据
在SQL*Plus中默认的"&"表示替代变量,也就是说,只要在命令中出现该符号,SQL*Plus就会要你输入替代值.这就意味着你无法将一个含有该符号的字符串输入数据库或赋给 ...
- C++ STL 学习笔记__(7)Set和multiset容器
10.2.8 Set和multiset容器 set/multiset的简介 ² set是一个集合容器,其中所包含的元素是唯一的,集合中的元素按一定的顺序排列.元素插入过程是按排序规则插入,所以不能指 ...
- 【NOI2007】社交网络
[NOI2007]社交网络 Description 在社交网络(social network)的研究中,我们常常使用图论概念去解释一些社会现象.不妨看这样的一个问题.在一个社交圈子里有n个人,人与人之 ...
- docker 一篇文章学习容器化
什么是镜像?什么是容器? 一句话回答:镜像是类,容器是实例 docker 基本操作命令: 删除所有container: docker rm $(docker ps -a -q) 删 ...
- CHAPTER 40 Science in Our Digital Age 第40章 我们数字时代的科学
CHAPTER 40 Science in Our Digital Age 第40章 我们数字时代的科学 The next time you switch on your computer, you ...
- kubernetes高可用设计-CA,etcd
环境准备: master01:192.168.150.128 master02:192.168.150.130 master03:192.168.150.131 node01:192.168.150. ...
- 线程_synchronized_volatile_ReentranLock
线程:cpu同时执行多个任务 synchonized 代码块,对象,类 同步方法和非同步方法可以同时执行同步方法可以调用同步方法(重入)脏读:之同步写,不同步读死锁的demo 一个线程先对A加锁 ...
- Redux和React-Redux的实现(二):Provider组件和connect的实现
接着上一篇讲,上一篇我们实现了自己的Redux和介绍了React的context以及Provider的原理. 1. Provider组件的实现 Provider组件主要有以下下两个作用 在整个应用上包 ...