.NET
Microsoft Technologies based on the .NET software framework.
4,103 questions
Legacy certificates in Windows 11
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(140.8, 80%, 23%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EDS%3C/text%3E%3C/svg%3E)
David Sisques
0
Reputation points
Our customer has an installation of about 70 wcf services running sslStreamSecurity sslProtocols="Ssl3" on operating systems W2012 to W2022. He also has about 300 wpf clients connecting to these services.
In addition, the certificates used in the system have md5 algorithm.
Everything works over a private network, so the privacy of communications is not the most important thing.
Neither Ssl3.0 nor md5 works on Windows 11 and it is a big problem. We don't know how to deal with the upgrade of the operating systems.
Is there any way to force Windows 11 to use Ssl3 and md5 certificates?
If not, how can I organize the migration to make all the changes without downtime?
.NET
{count} votes
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(291.2, 11%, 38%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EHL%3C/text%3E%3C/svg%3E)
Hui Liu-MSFT 48,676 Reputation points Microsoft External Staff2023-06-22T07:07:57.35+00:00 Hi,@David Sisques . Welcome Microsoft Q&A.
It is not recommended to force Windows 11 to use SSLv3 and MD5 certificates, as they are considered insecure and have significant vulnerabilities. I recommend taking the following steps to organize the migration and minimize downtime:
Upgrade WCF Services: Start by upgrading your WCF services to use a more secure SSL protocol, such as TLS 1.2 or higher. Update the sslProtocols attribute in your WCF service configuration to enable TLS 1.2 or higher and disable SSLv3. This will ensure compatibility with Windows 11 and other modern operating systems.
Replace MD5 Certificates: Replace the MD5 certificates with certificates that use a stronger hashing algorithm, such as SHA-256. Generate or obtain new certificates with secure signature algorithms and replace the existing certificates on your WCF services. Update the server and client configurations to use the new certificates.
Test Compatibility: Identify the specific tasks required, including upgrading SSL protocols, replacing MD5 certificates, and updating software components. Before upgrading to Windows 11, thoroughly test the compatibility of your WCF services and WPF clients with the new operating system.Set up a test environment to validate the changes and ensure everything works as expected before applying them to the production environment.
Rollout in Phases: To minimize downtime and disruptions, you could consider rolling out the upgrades in phases. Start by upgrading a subset of WCF services and corresponding WPF clients while keeping the rest of the services and clients on the existing configuration. Monitor the performance and compatibility of the upgraded services and clients during this phase.
Monitor Compatibility: Continuously monitor the compatibility and performance of the upgraded services and clients in the production environment. Gather feedback from users and address any issues that arise promptly.
Sign in to comment
Sign in to answer