TLS/SSL Cryptographic Enhancements
Overview
Microsoft has added new TLS extensions that enable the support of both AES and new ECC (elliptic curve cryptography) cipher suites. In addition, custom cryptographic mechanisms can now be implemented and used with Schannel as custom cipher suites. Schannel is the Windows security package that implements TLS and SSL.
AES cipher suites
The support for AES (which is not available in Microsoft Windows® 2000 Server or Windows Server 2003) is important because AES has become a National Institute of Standards and Technology (NIST) standard. To ease the process of bulk encryption, cipher suites that support AES have been added. The following list is the subset of TLS AES cipher suites defined in Request for Comments (RFC) 3268, "Advanced Encryption Standard (AES) Ciphersuites for Transport Layer Security (TLS)," (https://go.microsoft.com/fwlink/?LinkId=105879) that are available in Windows Vista:
- TLS_RSA_WITH_AES_128_CBC_SHA
- TLS_RSA_WITH_AES_256_CBC_SHA
- TLS_DHE_DSS_WITH_AES_128_CBC_SHA
- TLS_DHE_DSS_WITH_AES_256_CBC_SHA
Requirements
To negotiate these new cipher suites, the client and server computers must be running either Windows Vista or Windows Server 2008.
Configure AES
For information about the registry entries used to configure TLS/SSL ciphers in previous versions of Windows, see TLS/SSL Tools and Settings (https://go.microsoft.com/fwlink/?LinkId=105880). These settings are only available for cipher suites included with Windows operating systems earlier than Windows Vista and are not supported for AES. Cipher preferences are configured in Windows Vista by enabling the SSL Cipher Suite Order policy setting in Administrative Templates\Network\SSL Configuration Settings.
Note
The Windows Vista–based computer must be restarted for any setting changes to take effect.
ECC cipher suites
ECC is a key-generation technique that is based on elliptic curve theory and is used to create more efficient and smaller cryptographic keys. ECC key generation differs from the traditional method that uses the product of very large prime numbers to create keys. Instead, ECC uses an elliptic curve equation to create keys. ECC keys are approximately six times smaller than the equivalent strength traditional keys, which significantly reduces the computations that are needed during the TLS handshake to establish a secure connection.
In Windows Vista, the Schannel security service provider includes new cipher suites that support ECC cryptography. ECC cipher suites can now be negotiated as part of the standard TLS handshake. The subset of ECC cipher suites defined in RFC 4492, "Elliptic Curve Cryptography (ECC) Cipher Suites for Transport Layer Security (TLS)," (https://go.microsoft.com/fwlink/?LinkId=105881) that are available in Windows Vista is shown in the following list:
- TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA_P256
- TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA_P384
- TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA_P521
- TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA_P256
- TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA_P384
- TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA_P521
- TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA_P256
- TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA_P384
- TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA_P521
- TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA_P256
- TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA_P384
- TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA_P521
The ECC cipher suites use three NIST curves: P-256 (secp256r1), P-384 (secp384r1), and P-521 (secp521r1).
Requirements
To use the ECDHE_ECDSA cipher suites, ECC certificates must be used. Rivest-Shamir-Adleman (RSA) certificates can be used to negotiate the ECDHE_RSA cipher suites. Additionally, the client and server computers must be running either Windows Vista or Windows Server 2008.
Configure ECC cipher suites
Cipher preferences are configured in Windows Vista by using the SSL Cipher Suite Order policy setting in Administrative Templates\Network\SSL Configuration Settings.
Note
The Windows Vista–based computer must be restarted for these settings to take effect.
Schannel CNG provider model
Microsoft introduced a new implementation of the cryptographic libraries with Windows Vista that is referred to as Cryptography Next Generation, or CNG. CNG allows for an extensible provider model for cryptographic algorithms.
Schannel, which is Microsoft's implementation of TLS/SSL for Windows Server 2008 and Windows Vista, uses CNG so that any underlying cryptographic mechanisms can be used. This allows organizations to create new cipher suites or reuse existing ones when used with Schannel. The new cipher suites included with Windows Server 2008 and Windows Vista are only available to applications running in user mode.
Requirements
Because both the client and server computers must be able to negotiate the same TLS/SSL cipher, the Schannel CNG feature requires Windows Server 2008 and Windows Vista, with the same custom cipher configured on both the client and server computers. In addition, the custom cipher must be prioritized above other ciphers that could be negotiated.
Configure custom cipher suites
Cipher preferences, including preferences for custom cipher suites, are configured in Windows Vista by using the SSL Cipher Suite Order policy setting in Administrative Templates\Network\SSL Configuration Settings.
Note
The Windows Vista–based computer must be restarted for these settings to take effect.
Default cipher suite preference
Windows Vista prioritizes the complete list of TLS and SSL cipher suites as shown in the following table. The cipher suite negotiated will be the highest-listed cipher suite that is supported by both the client and the server computers.
Prioritized list of TLS and SSL cipher suites
1. TLS_RSA_WITH_AES_128_CBC_SHA
2. TLS_RSA_WITH_AES_256_CBC_SHA
3. TLS_RSA_WITH_RC4_128_SHA
4. TLS_RSA_WITH_3DES_EDE_CBC_SHA
5. TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA_P256
6. TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA_P384
7. TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA_P521
8. TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA_P256
9. TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA_P384
10. TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA_P521
11. TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA_P256
12. TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA_P384
13. TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA_P521
14. TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA_P256
15. TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA_P384
16. TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA_P521
17. TLS_DHE_DSS_WITH_AES_128_CBC_SHA
18. TLS_DHE_DSS_WITH_AES_256_CBC_SHA
19. TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA
20. TLS_RSA_WITH_RC4_128_MD5
21. SSL_CK_RC4_128_WITH_MD5
22. SSL_CK_DES_192_EDE3_CBC_WITH_MD5
23. TLS_RSA_WITH_NULL_MD5
24. TLS_RSA_WITH_NULL_SHA
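The following added example (not Microsoft code and not part of the original page) models the selection rule stated above together with the certificate requirements from the ECC section, using the default order from the prioritized list. It shows that a server holding only an RSA certificate selects TLS_RSA_WITH_AES_128_CBC_SHA under the default order, and an ECDHE_RSA suite only after the order is changed. The function names and the DSS and SSL_CK certificate mappings are assumptions of this example.

```python
# Added example: models the cipher suite selection rule and certificate
# requirements described on this page. It does not call Schannel.

# Default Windows Vista priority order, copied from the prioritized list above.
ECDHE = [f"TLS_ECDHE_{auth}_WITH_AES_{bits}_CBC_SHA_{curve}"
         for auth in ("ECDSA", "RSA")
         for bits in (128, 256)
         for curve in ("P256", "P384", "P521")]
DEFAULT_ORDER = [
    "TLS_RSA_WITH_AES_128_CBC_SHA", "TLS_RSA_WITH_AES_256_CBC_SHA",
    "TLS_RSA_WITH_RC4_128_SHA", "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
    *ECDHE,
    "TLS_DHE_DSS_WITH_AES_128_CBC_SHA", "TLS_DHE_DSS_WITH_AES_256_CBC_SHA",
    "TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA", "TLS_RSA_WITH_RC4_128_MD5",
    "SSL_CK_RC4_128_WITH_MD5", "SSL_CK_DES_192_EDE3_CBC_WITH_MD5",
    "TLS_RSA_WITH_NULL_MD5", "TLS_RSA_WITH_NULL_SHA",
]

def required_cert(suite):
    """Certificate key type a suite needs, read from its name."""
    if "_ECDSA_" in suite:
        return "ECC"  # page: ECDHE_ECDSA suites require ECC certificates
    if "_DSS_" in suite:
        return "DSS"  # assumption (not on the page): DSS suites need a DSA certificate
    return "RSA"      # TLS_RSA_*, ECDHE_RSA and (assumption) SSL_CK_* suites

def is_ephemeral(suite):
    """True when the key exchange is ephemeral Diffie-Hellman (ECDHE or DHE)."""
    return "_ECDHE_" in suite or "_DHE_" in suite

def negotiate(priority, peer_suites, cert_types):
    """Return the highest-listed suite that both sides support and that the
    server's certificate types can satisfy, or None if there is no overlap."""
    peer = set(peer_suites)
    for suite in priority:
        if suite in peer and required_cert(suite) in cert_types:
            return suite
    return None

def promote(priority, predicate):
    """Move suites matching predicate to the front, keeping relative order."""
    return [s for s in priority if predicate(s)] + [s for s in priority if not predicate(s)]

if __name__ == "__main__":
    # Constructed peer: supports every default suite; server holds an RSA certificate.
    print(negotiate(DEFAULT_ORDER, DEFAULT_ORDER, {"RSA"}))
    print(negotiate(promote(DEFAULT_ORDER, is_ephemeral), DEFAULT_ORDER, {"RSA"}))
```

Placing a custom suite at the head of the priority list passed to `negotiate` reproduces the requirement that a custom cipher be prioritized above the others.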
Previous cipher suites
The Microsoft Schannel provider supports the cipher suites listed in the following table, but they are not enabled by default.
Previous cipher suites
1. RSA_EXPORT_RC4_40_MD5
2. RSA_EXPORT1024_RC4_56_SHA
3. RSA_EXPORT1024_DES_CBC_SHA
4. SSL_CK_RC4_128_EXPORT40_MD5
5. SSL_CK_DES_64_CBC_WITH_MD5
6. RSA_DES_CBC_SHA
7. RSA_RC4_128_MD5
8. RSA_RC4_128_SHA
9. RSA_3DES_EDE_CBC_SHA
10. RSA_NULL_MD5
11. RSA_NULL_SHA
12. DHE_DSS_EXPORT1024_DES_SHA
13. DHE_DSS_DES_CBC_SHA
14. DHE_DSS_3DES_EDE_CBC_SHA
To enable any of these cipher suites, use the SSL Cipher Suite Order policy setting in Administrative Templates\Network\SSL Configuration Settings.
Note
Enabling any of these SSL cipher suites is not recommended. Future versions of Windows might not support these cipher suites.