Introducing Token Binding

• Vzťahuje sa na:

  ✅ Windows Server 2025, ✅ Windows Server 2022, ✅ Windows Server 2019, ✅ Windows Server 2016

The Token Binding protocol allows applications and services to cryptographically bind their security tokens to the TLS layer to mitigate token theft and replay attacks. The long-lived, uniquely identifiable TLS [RFC5246] bindings can span multiple TLS sessions and connections.

Version support:

• Windows 10, version 1507 – Off by default
  • Token Binding Protocol added [draft-ietf-tokbind-protocol-01]
  • WinInet & HTTP.SYS support of token binding over HTTP [draft-ietf-tokbind-https-01]
• Windows 10, versions 1511 and 1607, and Windows Server 2016 – On by default
  • Token Binding Protocol updated [draft-ietf-tokbind-protocol-01]
  • TLS extension for token binding negotiation added [draft-popov-tokbind-negotiation-00]
  • WinInet & HTTP.SYS support of token binding over HTTP updated [draft-ietf-tokbind-https-02]
• Windows 10, version 1507 with servicing update KB4034668, Windows 10, version 1511 with servicing update KB4034660, Windows 10, version 1607 and Windows Server 2016 with servicing update KB4034658 support Token Binding Protocol version 0.10 – On by default
  • Token Binding Protocol updated [draft-ietf-tokbind-protocol-10]
  • TLS extension for token binding negotiation added [draft-ietf-tokbind-negotiation-05]
  • WinInet & HTTP.SYS support of token binding over HTTP updated [draft-ietf-tokbind-https-06]
• Windows 10, version 1703 supports Token Binding Protocol version 0.10 – On by default
  • Token Binding Protocol updated [draft-ietf-tokbind-protocol-10]
  • TLS extension for token binding negotiation added [draft-ietf-tokbind-negotiation-05]
  • WinInet & HTTP.SYS support of token binding over HTTP updated [draft-ietf-tokbind-https-06]
  • Windows devices with Virtualization-based security enabled will keep the token binding keys in a protected environment that is isolated from the running operating system

Information about ASP .NET support can be found at the .NET Framework Reference Source.

For information about .NET Framework, see the following topics:

• Networking enhancements

• .NET TokenBinding class