  • Support for SSL/TLS protocols on Windows

    https://blogs.msdn.microsoft.com/kaushal/2011/10/02/support-for-ssltls-protocols-on-windows/

    ***********Updated on 4th October 2017***********

    NOTE: Support for TLS 1.1 and TLS 1.2 is now available in Windows Server 2008 SP2. Install the following update:

    Update to add support for TLS 1.1 and TLS 1.2 in Windows Server 2008 SP2 

    Secure Sockets Layer (SSL) and its successor, Transport Layer Security (TLS), are protocols that use cryptographic algorithms to secure the communication between two entities. It is just a secure layer running on top of HTTP.

    SSL Handshake Protocol | SSL Change Cipher Spec Protocol | SSL Alert Protocol | HTTP
    SSL Record Protocol
    TCP
    IP

    Overview of SSL Protocol Stack

    Several versions of SSL have been released since its advent in 1995 (SSL 2.0 by Netscape Communications; SSL 1.0 was never released). Here is the list:

    • SSL 1.0, 2.0 and 3.0
    • TLS 1.0 (or SSL 3.1, released in 1999)
    • TLS 1.1 (or SSL 3.2, released in 2006)
    • TLS 1.2 (or SSL 3.3, released in 2008)

    SSL was renamed TLS when it was handed over to the IETF in 1999 for standardization of the security protocol layer. After making a few changes to SSL 3.0, the IETF released TLS 1.0. TLS 1.0 is still used by several web servers and browsers to date. What I have never understood is that there have been newer versions released after this, with the latest being TLS 1.2, released in 2008.

    On Windows, support for SSL/TLS protocols is tied to the SCHANNEL component. So, if a specific OS version doesn't support an SSL/TLS version, it remains unsupported.

    All Windows components and applications abide by this rule and can support only those protocols that are supported at the OS level, for example IIS and Internet Explorer.

    The table below should give you a good understanding of which protocols are supported on each Windows OS version.

    Windows OS Version | SSL 2.0 | SSL 3.0 | TLS 1.0 | TLS 1.1 | TLS 1.2
    Windows XP & Windows Server 2003 X X
    Windows Vista & Windows Server 2008
    Windows 7 & Windows Server 2008 R2
    Windows 8 & Windows Server 2012
    Windows 8.1 & Windows Server 2012 R2
    Windows 10 & Windows Server 2016

    TLS 1.1 and TLS 1.2 are enabled by default on post-Windows 8.1 releases. Prior to that they were disabled by default, so administrators have to enable them manually via the registry. Refer to this article on how to enable these protocols via the registry: https://support.Microsoft.com/en-us/kb/187498

    On the client side, you can check this in the browser settings. If you are using IE on any of the supported Windows OS versions listed above, browse to Tools -> Internet Options -> Advanced in IE. Under the Security section, you will see the list of SSL protocols supported by IE. IE supports only those security protocol versions that are supported by the underlying SCHANNEL component of the OS.

    TLS settings in IE on Windows 10

    Chrome supports whatever IE supports. If you intend to check the support in Firefox, then enter the text “about:config” in the browser address bar and then enter TLS in the search bar as shown below.

    TLS Settings on Firefox v47

    The setting security.tls.version.max specifies the maximum supported protocol version, and security.tls.version.min specifies the minimum supported protocol version. Each can take any of the 4 values below:

    • 0 – SSL 3.0
    • 1 – TLS 1.0 (This is the current default for the minimum required version.) 
    • 2 – TLS 1.1
    • 3 – TLS 1.2 (This is the current default for the maximum supported version.)

    NOTE: The behavior is undefined if security.tls.version.min is larger than the security.tls.version.max value.
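
An added example (not code from the original article or from Mozilla): a small Node.js auditor that reads the two prefs above from the text of a profile's user.js or prefs.js and reports weak or inverted ranges. The value table and defaults are the ones the article lists; the function names, the `floor` policy parameter (default TLS 1.2) and the sample profiles are assumptions made for illustration.

```javascript
// Added example: audit Firefox TLS version prefs from user.js / prefs.js text.
// Value mapping and defaults are the ones listed in the article (Firefox v47 era).
const TLS_NAMES = { 0: "SSL 3.0", 1: "TLS 1.0", 2: "TLS 1.1", 3: "TLS 1.2" };
const DEFAULTS = { "security.tls.version.min": 1, "security.tls.version.max": 3 };

// Extract integer security.tls.version.* prefs from user_pref("name", value); lines.
function parseTlsPrefs(text) {
  const prefs = {};
  const re = /^\s*user_pref\(\s*"(security\.tls\.version\.(?:min|max))"\s*,\s*(-?\d+)\s*\)\s*;/gm;
  let m;
  while ((m = re.exec(text)) !== null) {
    prefs[m[1]] = Number(m[2]); // a later line overrides an earlier one
  }
  return prefs;
}

// Return the effective range plus findings.
// floor (hypothetical policy knob): lowest pref value the organisation accepts.
function auditTlsPrefs(text, floor = 3) {
  const prefs = { ...DEFAULTS, ...parseTlsPrefs(text) };
  const min = prefs["security.tls.version.min"];
  const max = prefs["security.tls.version.max"];
  const findings = [];
  for (const [name, v] of [["min", min], ["max", max]]) {
    if (!(v in TLS_NAMES)) findings.push(`${name}=${v} is not one of the values 0-3`);
  }
  if (min > max) findings.push("min is larger than max: behavior is undefined");
  if (min in TLS_NAMES && min < floor) {
    findings.push(`minimum allows ${TLS_NAMES[min]}, below ${TLS_NAMES[floor]}`);
  }
  if (max in TLS_NAMES && max < floor) {
    findings.push(`maximum caps at ${TLS_NAMES[max]}, below ${TLS_NAMES[floor]}`);
  }
  return { min, max, findings };
}

// Constructed sample profiles (not taken from a real system).
const SAMPLE_WEAK = `
// user_pref("security.tls.version.min", 3);  commented-out lines are ignored
user_pref("security.tls.version.min", 0);
user_pref("browser.startup.page", 3);
`;
const SAMPLE_INVERTED = `
user_pref("security.tls.version.min", 3);
user_pref("security.tls.version.max", 1);
`;

console.log(auditTlsPrefs(SAMPLE_WEAK));
console.log(auditTlsPrefs(SAMPLE_INVERTED));
```

A pref missing from the file falls back to the defaults the article gives, so an empty profile is still reported as allowing TLS 1.0 under the default floor.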

  • Original article address: https://www.cnblogs.com/jinanxiaolaohu/p/9678337.html