https://blogs.msdn.microsoft.com/kaushal/2011/10/02/support-for-ssltls-protocols-on-windows/

Support for SSL/TLS protocols on Windows

October 2, 2011 by Kaushal Kumar Panday

***********Updated on 4th October 2017***********

NOTE: Support for TLS 1.1 and TLS 1.2 is now available in Windows Server 2008 SP2. Install the following update:

Update to add support for TLS 1.1 and TLS 1.2 in Windows Server 2008 SP2

Secure Socket Layer (SSL) and its successor, Transport Layer Security (TLS), are protocols that use cryptographic algorithms to secure the communication between two entities. It is just a secure layer running on top of HTTP.

SSL Handshake Protocol | SSL Change Cipher Spec Protocol | SSL Alert Protocol | HTTP
SSL Record Protocol
TCP
IP

Overview of SSL Protocol Stack

Several versions of SSL have been released since its advent in 1995 (SSL 2.0, by Netscape Communications; SSL 1.0 was never released). Here is the list:

  • SSL 1.0, 2.0 and 3.0
  • TLS 1.0 (or SSL 3.1, released in 1999)
  • TLS 1.1 (or SSL 3.2, released in 2006)
  • TLS 1.2 (or SSL 3.3, released in 2008)

SSL was changed to TLS when it was handed over to the IETF for standardizing the security protocol layer in 1999. After making a few changes to SSL 3.0, the IETF released TLS 1.0. TLS 1.0 is still used by several web servers and browsers to date. What I have never understood is that there have been newer versions released after this, with the latest being TLS 1.2, released in 2008.

On Windows, support for SSL/TLS protocols is tied to the SCHANNEL component. So, if a specific OS version doesn’t support an SSL/TLS version, that version remains unsupported.

All Windows components and applications abide by this rule and can support only those protocols that are supported at the OS level, for example IIS and Internet Explorer.

The table below should give you a good understanding of which protocols are supported on each Windows OS.

Windows OS Version SSL 2.0 SSL 3.0 TLS 1.0 TLS 1.1 TLS 1.2
Windows XP & Windows Server 2003 X X
Windows Vista & Windows Server 2008
Windows 7 & Windows Server 2008 R2
Windows 8 & Windows Server 2012
Windows 8.1 & Windows Server 2012 R2
Windows 10 & Windows Server 2016

TLS 1.1 and TLS 1.2 are enabled by default on post-Windows 8.1 releases. Prior to that, they were disabled by default, so administrators have to enable them manually via the registry. Refer to this article on how to enable these protocols via the registry: https://support.Microsoft.com/en-us/kb/187498
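
The following is an added example, not part of the original post: a read-only PowerShell audit of the SCHANNEL registry overrides discussed above. The key layout (Protocols\<protocol>\<Client|Server> with the DWORD values Enabled and DisabledByDefault) is assumed from Microsoft's SCHANNEL documentation; the function name Get-SchannelValue is hypothetical.

```powershell
# Added example: read-only audit of SCHANNEL protocol overrides.
# Assumed layout (from Microsoft's SCHANNEL documentation, not from this post):
#   <base>\<protocol>\<Client|Server> with DWORD values Enabled, DisabledByDefault.
# A missing key or value is not "disabled": the OS default for that Windows
# version applies, so it is reported as its own state.
$base      = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols'
$protocols = 'SSL 2.0', 'SSL 3.0', 'TLS 1.0', 'TLS 1.1', 'TLS 1.2'

# Hypothetical helper: returns the DWORD value, or $null when key or value is absent.
function Get-SchannelValue {
    param([string]$Path, [string]$Name)
    if (-not (Test-Path -LiteralPath $Path)) { return $null }
    $item = Get-ItemProperty -LiteralPath $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return $item.$Name
}

$report = foreach ($proto in $protocols) {
    foreach ($role in 'Client', 'Server') {
        $path    = Join-Path (Join-Path $base $proto) $role
        $enabled = Get-SchannelValue -Path $path -Name 'Enabled'
        $dbd     = Get-SchannelValue -Path $path -Name 'DisabledByDefault'

        # Enabled = 0 turns the protocol off; a non-zero DisabledByDefault leaves
        # it available only to applications that request it explicitly.
        $state = if ($null -eq $enabled -and $null -eq $dbd) {
            'OS default (no override)'
        } elseif ($null -ne $enabled -and $enabled -eq 0) {
            'Disabled'
        } elseif ($null -ne $dbd -and $dbd -ne 0) {
            'Disabled by default'
        } else {
            'Enabled'
        }

        [pscustomobject]@{
            Protocol          = $proto
            Role              = $role
            Enabled           = $enabled
            DisabledByDefault = $dbd
            State             = $state
        }
    }
}

$report | Format-Table -AutoSize
```

Rows reported as "OS default (no override)" have to be read against the support table above for the Windows version in question.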

On the client side, you can check this in the browser settings. If you are using IE on any of the supported Windows OS versions listed above, browse to Tools -> Internet Options -> Advanced in IE. Under the Security section, you will see the list of SSL protocols supported by IE. IE supports only those security protocol versions that are supported by the underlying SCHANNEL component of the OS.

TLS settings in IE on Windows 10

Chrome supports whatever IE supports. If you intend to check the support in Firefox, then enter the text “about:config” in the browser address bar and then enter TLS in the search bar as shown below.

TLS Settings on Firefox v47

The setting security.tls.version.max specifies the maximum supported protocol version, and security.tls.version.min specifies the minimum supported protocol version. They can take any of the four values below:

  • 0 – SSL 3.0
  • 1 – TLS 1.0 (This is the current default for the minimum required version.)
  • 2 – TLS 1.1
  • 3 – TLS 1.2 (This is the current default for the maximum supported version.)

NOTE: The behavior is undefined if security.tls.version.min is larger than the security.tls.version.max value.
