Windows 10 TPM 2.0 Client Authentication in TLS 1.2 with RSA PSS making trouble

Question

Windows 10 TPM 2.0 Client Authentication in TLS 1.2 with RSA PSS making trouble

S1ngl3t0n 31

Hi everyone

I just wanted let you know that we have found an error in combination with TPM-saved RSA certificates and Client Authentication on TLS1.2 with newer Windows 10 Clients (probably all after 1909).
It seems that a lot of 2.0 TPMs have a problem with RSA PSS.

I wanted to share this problem because we have spent a lot of time to identify the issue. So I hope that other admins will find this post before they spend a lot of time in troubleshooting.

The issue happens during the TLS handshake. The TPM just doesn't signs the certificate verify step as shown on this print screen:

By disabling RSA PSS on the client, the client uses another cipher to sign the packet and then it works.
You can disable RSA PSS by following those steps:

Backup this key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Cryptography\Configuration\Local\SSL\00010003
Under Functions remove the following signature suites from the list:
RSAE-PSS/SHA256
RSAE-PSS/SHA384
RSAE-PSS/SHA512
Reboot

After the reboot, the client uses now RSA PKCS1 and the signature step runs successful:

The issue was initially identified on a EAP-TLS authentication for an IPSec tunnel. But the issue happens also on client certificate authentication on https websites as both use TLS for the handshake.

Keep in mind that this is only a workaround and should not be used as a final solution. We are actually still working with Microsoft on a solution.
It's still not 100% clear if it's the TPM that is making the issue or if it is the OS.

I will keep you updated...

TryToFix 1 Reputation point

2021-09-03T06:38:42.117+00:00

Have the same issue. In our case, Wireshark only tells "<MISSING>" for the signature attribute.
Disabling the signature algorithms only helps for windows SSL, but not for the Chromium Engine in Chrome or Edge Browser.

Please tell me, if you have some news.
Ola Magnus Sundlisæter 6 Reputation points

2022-04-21T13:52:27.77+00:00

Does it help upgrading TPM version to 7.85.4555.0?
James Edmonds 831 Reputation points

2022-08-23T14:50:43.72+00:00

Was there ever any proper solution to this issue?

We are encountering this with our older TPM 1.2 devices with always on VPN tunnels using PEAP-TLS, and wondered if we could have Windows instead store certs/keys for the VPN certificates in the software crypto provider rather than TPM?

Cheers
James
Morten Rask Christensen 1 Reputation point

2022-10-05T12:40:21.863+00:00

We are also facing the same issue. Did you ever resolve it with Microsoft?
Kyle Radon 1 Reputation point

2022-10-13T16:21:45.71+00:00

Bump, same here
Anonymous

2022-11-01T20:07:02.677+00:00

Yes, it helps - just testet. but be carefull, the TPM will be cleared by this action...
Adam Whiting 6 Reputation points

2022-12-05T21:35:40.297+00:00

Any update on this?
Hrvoje Kusulja 146 Reputation points MVP

2023-07-25T10:43:29.4666667+00:00

Thank you, I also confirm have the same issue, after reinstalling using latest USB from Microsoft, on Windows 10.0.22621

I also confirm that removing these 3 keys resolved the issue.

Can you confirm what is this exactly? will this be fixed in future version? should we revert those registry keys back at some point etc?

thank you so much, but this is the only solution on the internet
Emma Smith 15 Reputation points

2024-01-05T11:04:35.8666667+00:00

Thanks, I had the same issue with Win11 on an older HP laptop with tpm2.0, pulling out my hair for 3 days while trying to configure TLS/EAP, removing the 3 suites from the registry value worked for me.
Andrea Martínez García 0 Reputation points

2024-02-07T12:50:42.1166667+00:00

Issue is impacting specific HW models with TPM subversion 1.16 (2.0, 0, 1.16): https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15361
Possible WA is to either update TPM or disable RSA PSS.

Lenovo:
https://support.lenovo.com/gb/en/product_security/len-15552
DELL:
https://www.dell.com/support/kbdoc/es-es/000144419/infineon-trusted-platform-module-tpm-vulnerability-cve-2017-15361-impact-status-on-dell-products?lang=en
Weigand, Robert 0 Reputation points

2024-05-01T06:59:35.21+00:00

When RSA PSS is deactivated on the client, a lot of TLS 1.3 enabled websites and services were not reachable from and on our Win11 clients. IIS Express, LRS Personal Print Manager, Whiteboard, Invoke-WebRequest to a lot of websites, like https://www.microsoft.com did not work.

We resorted to temporary disabling client and server-side TLS 1.3 on the clients (setting under HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.3\Server and Client, Enabled=0).

We're in a process of setting the defaults back for most of our client computers, since only the oldest models (Lenovo Tx80 and M920) are still on TPM 2.0 Rev 1.16. All the other TPM 2.0 1.38 and higher models seem to work fine with the default configuration.
Sebastian Cerazy 316 Reputation points

2025-01-28T08:44:12.1966667+00:00

This was also a "solution" to to WinRM failing to connect to clients (configured with SSL certificate).

But then there are other side effects, one cannot connect to Windows 11 iOT or Windows Server 2025 via standard RDP client (not modified in any way on either side)

5 answers

Your answer

TryToFix 1 Reputation point

2021-09-03T06:38:42.117+00:00

Have the same issue. In our case, Wireshark only tells "<MISSING>" for the signature attribute.
Disabling the signature algorithms only helps for windows SSL, but not for the Chromium Engine in Chrome or Edge Browser.

Please tell me, if you have some news.
Ola Magnus Sundlisæter 6 Reputation points

2022-04-21T13:52:27.77+00:00

Does it help upgrading TPM version to 7.85.4555.0?
James Edmonds 831 Reputation points

2022-08-23T14:50:43.72+00:00

Was there ever any proper solution to this issue?

We are encountering this with our older TPM 1.2 devices with always on VPN tunnels using PEAP-TLS, and wondered if we could have Windows instead store certs/keys for the VPN certificates in the software crypto provider rather than TPM?

Cheers
James
Morten Rask Christensen 1 Reputation point

2022-10-05T12:40:21.863+00:00

We are also facing the same issue. Did you ever resolve it with Microsoft?
Kyle Radon 1 Reputation point

2022-10-13T16:21:45.71+00:00

Bump, same here
Anonymous

2022-11-01T20:07:02.677+00:00

Yes, it helps - just testet. but be carefull, the TPM will be cleared by this action...
Adam Whiting 6 Reputation points

2022-12-05T21:35:40.297+00:00

Any update on this?
Hrvoje Kusulja 146 Reputation points MVP

2023-07-25T10:43:29.4666667+00:00

Thank you, I also confirm have the same issue, after reinstalling using latest USB from Microsoft, on Windows 10.0.22621

I also confirm that removing these 3 keys resolved the issue.

Can you confirm what is this exactly? will this be fixed in future version? should we revert those registry keys back at some point etc?

thank you so much, but this is the only solution on the internet
Emma Smith 15 Reputation points

2024-01-05T11:04:35.8666667+00:00

Thanks, I had the same issue with Win11 on an older HP laptop with tpm2.0, pulling out my hair for 3 days while trying to configure TLS/EAP, removing the 3 suites from the registry value worked for me.
Andrea Martínez García 0 Reputation points

2024-02-07T12:50:42.1166667+00:00

Issue is impacting specific HW models with TPM subversion 1.16 (2.0, 0, 1.16): https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15361
Possible WA is to either update TPM or disable RSA PSS.

Lenovo:
https://support.lenovo.com/gb/en/product_security/len-15552
DELL:
https://www.dell.com/support/kbdoc/es-es/000144419/infineon-trusted-platform-module-tpm-vulnerability-cve-2017-15361-impact-status-on-dell-products?lang=en
Weigand, Robert 0 Reputation points

2024-05-01T06:59:35.21+00:00

When RSA PSS is deactivated on the client, a lot of TLS 1.3 enabled websites and services were not reachable from and on our Win11 clients. IIS Express, LRS Personal Print Manager, Whiteboard, Invoke-WebRequest to a lot of websites, like https://www.microsoft.com did not work.

We resorted to temporary disabling client and server-side TLS 1.3 on the clients (setting under HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.3\Server and Client, Enabled=0).

We're in a process of setting the defaults back for most of our client computers, since only the oldest models (Lenovo Tx80 and M920) are still on TPM 2.0 Rev 1.16. All the other TPM 2.0 1.38 and higher models seem to work fine with the default configuration.
Sebastian Cerazy 316 Reputation points

2025-01-28T08:44:12.1966667+00:00

This was also a "solution" to to WinRM failing to connect to clients (configured with SSL certificate).

But then there are other side effects, one cannot connect to Windows 11 iOT or Windows Server 2025 via standard RDP client (not modified in any way on either side)

Answer 1

I had opened a ticket with Microsoft on this specific issue. Response from support is below.

This is indeed a limitation with the TPM. Specifically, we have seen this behaviour with TPM v2.0 revision 1.16 (higher revisions do not exhibit this issue).

The TLS 1.3 RFC requires the RSA-PSS signature algorithm salt to be equal to the length of the output of the digest algorithm (also applies to TLS 1.2).

On the affected machines, the salt size does not match:
[TPM version: PCP_PLATFORM_TYPE: "TPM-Version:2.0 -Level:0-Revision:1.16-VendorID:'IFX '-Firmware:458815.858368"]

11/15/22-09:38:07.1611301 [Microsoft.Tpm.DebugTracing.KSP] [FunctionEnd] PartA_PrivTags=16777216, Name=DetectPSSPaddingSalt, HResult=The operation completed successfully. (0x00000000)
11/15/22-09:38:07.1611392 [Microsoft.Tpm.DebugTracing.KSP] [FunctionEnd] PartA_PrivTags=16777216, Name=TpmKey20Rsa::SignHash, HResult=The requested salt size for signing with RSAPSS does not match what the TPM uses. (0x40290423)
11/15/22-09:38:07.1611529 [Microsoft.Tpm.DebugTracing.KSP] [FunctionEnd] PartA_PrivTags=16777216, Name=ProviderSignHash, HResult=The requested salt size for signing with RSAPSS does not match what the TPM uses. (0x40290423)

Compare this with a working machine:
[TPM version: PCP_PLATFORM_TYPE: "TPM-Version:2.0 -Level:0-Revision:1.38-VendorID:'NTC '-Firmware:458754.131072"]

11/15/22-09:49:31.3205956 [Microsoft.Tpm.DebugTracing.KSP] [FunctionEnd] PartA_PrivTags=16777216, Name=DetectPSSPaddingSalt, HResult=The operation completed successfully. (0x00000000)
11/15/22-09:49:31.3206060 [Microsoft.Tpm.DebugTracing.KSP] [FunctionEnd] PartA_PrivTags=16777216, Name=TpmKey20Rsa::SignHash, HResult=The operation completed successfully. (0x00000000)
11/15/22-09:49:31.3206072 [Microsoft.Tpm.DebugTracing.KSP] [FunctionEnd] PartA_PrivTags=16777216, Name=ProviderSignHash, HResult=The operation completed successfully. (0x00000000)

The possible solutions are:

Upgrade the TPM to a higher revision (if available)

Disable the RSA-PSS signature algorithms on the client

Use a certificate that does not use RSA signature algorithms

We've been attempting to source a TPM upgrade to get us to subversion 1.38 on affected devices.

Adam Whiting 6 Reputation points

2022-12-06T16:41:51.297+00:00

Thank you for the information that clarifies what we are hitting and gives us a path to try and move forward.
Gino 11 Reputation points

2022-12-06T16:44:39.917+00:00

A further note, I have seen this work when using a certificate with a public key length of 1024 bits. All of ours are 2048 bits and that seems to be when the problem occurs.
Matt Olan 1 Reputation point

2023-01-03T21:00:58.91+00:00

Thank you for sharing this. It would seem 1 1/2 later in 2023 this is still an issue that hasn't been resolved! Was pulling my hair out for a couple of weeks looking for an answer to this.
Gino 11 Reputation points

2023-01-04T21:02:38.35+00:00

To be fair, this isn't really a Windows issue but a TPM issue. It is resolved as long as your TPM is updated to the correct revision, just getting to the correct revision can be problematic depending on the state of the machine though since it will need to be wiped.
Sebastian Cerazy 316 Reputation points

2025-01-28T09:32:15.1166667+00:00

That does not make sense: 3.Use a certificate that does not use RSA signature algorithms

As per this: https://www.derekseaman.com/2021/03/disabling-the-rsassa-pss-algorithm-on-your-microsoft-ca.html

my CA is sha256RSA

How could I issue a different certificate?

Seb

Answer 2

This problem gave me the following error when saving the Bitlocker recovery key in AzureAD:

Failed to backup BitLocker Drive Encryption recovery information for volume C: to your Azure AD.
TraceId: {....}
Error: Unknown HResult Error code: 0x80072f8f

Problem occured on Windows 11 version 10.0.22621

Removing the 3 registry values helped.

Output from tpmtool getdeviceinformation

-TPM Present: True
-TPM version: 2.0
-TPM Vendor ID: IFX
- Full name of TPM manufacturer: Infineon
-TPM Manufacturer Version: 7.63.3353.0
-PPI version: 1.3
-Is initialized: True
-Ready to save: True
-Ready for Evidence: True
-Is verifiable: True
-Must be deleted to restore: False
-Can be deleted: True
  Incorrect
-Bitlocker PCR7 Binding Status: Bound
-Maintenance task completed: True
-TPM specification version: 1.16
-TPM Errata Date: Wednesday, September 21, 2016
-PC client version: 1.00
-Lockout information:
         -Is blocked: False
         -Lockout counter: 0
         -Max. Authentication error: 31
         -Lockout interval: 600s
         -Lockout recovery: 86400s

Felipe M Ferreira 11 Reputation points

2023-07-26T19:06:03.5133333+00:00

Robert, I just wanted to thank you for commenting to this topic, thanks to your comment I was able to find this topic with the workaround. I was having the exact same issue with BitLocker.

Answer 3

Hi,

Welcome to Q&A platform.

Please kindly understand that analyze Wireshark network traffics is beyond our forum support level. Due to forum security policy, we have no such channel to collect user log information. So we recommend you open a case with MS Professional tech support service, they will help you open a phone or email case to Microsoft, so that you would get a technical support on a one-to-one basis while ensuring private information.

Here is the link:

https://support.microsoft.com/en-us/gp/customer-service-phone-numbers

Best Regards,
Sunny

----------

If the Answer is helpful, please click "Accept Answer" and upvote it.

Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

Answer 4

danwheeler 10

THANK YOU for this. Mystery handshake error with EAP/TLS Wi-Fi authentication to Cisco ISE on Surface Pro 4 solved instantly. (after hours of head scratching in the lab)

Peixoto, Victor 1 Reputation point

2024-01-03T11:18:53.64+00:00

Thanks this also resolved a mystery issue with AOVPN and Win 2022 NPS servers, auth worked fine with 2019 NPS but kept failing with 2022 NPS. Removed registry keys et voila, connected!
Alex Ledger 0 Reputation points

2024-05-14T22:08:45.3766667+00:00

Although removing 3 cipher suites from the registry resolves the issue. We found it can the cause other issues with TLS authentication. Was there any other suggestion to resolve this properly.?
Gino 11 Reputation points

2024-05-15T12:52:49.83+00:00

The only solution is to upgrade the TPM to v2.0 subversion 1.38

Answer 5

Heinonen, Ari Seppo 0

Thanks for the information! This caused connection problems to the AlwaysOn VPN service in Azure on our user computers that were recently updated to the Win 10 23H2 version. Manually removing those three ciphers did fix the issue. Another solution is to revert back to 22H2 update.

The error message in Event viewer was:
The user xxxxx dialed a connection named xxxxx which has failed. The error code returned on failure is -1878457596.

Share via

Windows 10 TPM 2.0 Client Authentication in TLS 1.2 with RSA PSS making trouble

5 answers

Your answer