Microsoft Security Advisory 3155527

Update to Cipher Suites for FalseStart

Published: May 10, 2016

Version: 1.0

Executive Summary

FalseStart allows the TLS client to send application data before receiving and verifying the server Finished message. This allows an attacker to launch a man-in-the-middle (MiTM) attack to force the TLS client to encrypt the first flight of application_data records using the attacker’s chosen cipher suite from the client’s list. To avoid downgrade attacks, TLS clients only allow FalseStart when their strongest cipher suites are negotiated.

This advisory update provides a routine maintenance of the list of cipher suites that can be used with FalseStart. This update has no impact on connectivity or interoperability.

For additional details and deployment guidance, see Microsoft Knowledge Base Article 3155527.

Affected Software

Operating System
Windows 8.1 for 32-bit Systems
Windows 8.1 for x64-based Systems
Windows Server 2012
Windows Server 2012 R2
Windows RT 8.1
Windows 10 for 32-bit Systems
Windows 10 for x64-based Systems
Windows 10 Version 1511 for 32-bit Systems
Windows 10 Version 1511 for x64-based Systems
Server Core installation option
Windows Server 2012 (Server Core installation)
Windows Server 2012 R2 (Server Core installation)

Advisory FAQ

What is the scope of the advisory? 
To announce the availability of an update to the list of cipher suites that can be used with FalseStart.

What does the update do? 
The update provides the latest list of cipher suites that can be used with FalseStart. This update has no impact on connectivity or interoperability.


Microsoft recognizes the efforts of those in the security community who help us protect customers through coordinated vulnerability disclosure. See Acknowledgments for more information.

Other Information

Microsoft Active Protections Program (MAPP)

To improve security protections for customers, Microsoft provides vulnerability information to major security software providers in advance of each monthly security update release. Security software providers can then use this vulnerability information to provide updated protections to customers via their security software or devices, such as antivirus, network-based intrusion detection systems, or host-based intrusion prevention systems. To determine whether active protections are available from security software providers, please visit the active protections websites provided by program partners, listed in Microsoft Active Protections Program (MAPP) Partners.




The information provided in this advisory is provided "as is" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.


  • V1.0 (May 10, 2016): Advisory published.

Page generated 2016-05-04 10:20-07:00.