Introduction (SSL/TLS in Windows Server 2003)

Applies To: Windows Server 2003 with SP1

How can you secure data being sent between applications across an untrusted network? The Security Support Provider Interface (SSPI) in the Microsoft® Windows Server™ 2003 operating system provides one answer to this very common security question. SSPI is an application interface that provides the security services for Windows Server 2003. SSPI supports Schannel, an interface that implements three industry standard protocols:

  • Transport Layer Security (TLS) version 1.0

  • Secure Sockets Layer (SSL) version 3.0

  • Secure Sockets Layer (SSL) version 2.0

SSL/TLS is most widely recognized as the protocol that provides secure HTTP (HTTPS) for Internet transactions between Web browsers and Web servers. It can also be used for other application-level protocols such as FTP, LDAP, and SMTP. The SSL/TLS protocol enables server authentication, client authentication, data encryption, and data integrity over networks such as the World Wide Web.

SSPI is documented in the Microsoft Platform Software Development Kit (SDK), which also includes sample applications.

History and Standards for SSL and TLS

SSL was developed by Netscape Communications Corporation in 1994 to secure transactions over the World Wide Web. Soon after, the Internet Engineering Task Force (IETF) began work to develop a standard protocol to provide the same functionality. SSL 3.0 was used as the basis for that work, which is known as the Transport Layer Security protocol (TLS). The implementation of the SSL/TLS protocol in Windows Server 2003 closely follows the specification defined in RFC 2246, “The TLS Protocol Version 1.0.”

Differences Between SSL and TLS

Although there are some slight differences between SSL 3.0 and TLS 1.0, this paper will refer to the protocol as SSL/TLS. One important difference is that TLS 1.0 computes its integrity check with a keyed-hash message authentication code (HMAC, as specified in RFC 2104), whereas SSL 3.0 uses its own Message Authentication Code (MAC) construction. Both produce an integrity check value, but the HMAC keys the hash function itself rather than simply hashing the secret together with the data, which makes the resulting value much harder to break. For more information about the HMAC, see “The Handshake Protocol” later in this paper.
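The two record-integrity constructions compared above, as an added example that is not code from the original paper or from Schannel. It builds the SSL 3.0 record MAC (secret and pad concatenated, pad lengths of 48 bytes for MD5 and 40 for SHA-1) and the TLS 1.0 record MAC (RFC 2104 HMAC over sequence number, type, version, length, and fragment) by hand, and checks the hand-built HMAC against Python's standard `hmac` module. The secret, sequence number, and fragment are constructed sample values; `content_type` 23 is the application_data record type.

```python
"""SSL 3.0 record MAC versus TLS 1.0 record HMAC (added example, not Schannel code)."""
import hashlib
import hmac
import struct

# Pad lengths from the SSL 3.0 specification: 48 bytes for MD5, 40 bytes for SHA-1.
SSL3_PAD_LEN = {"md5": 48, "sha1": 40}


def ssl3_mac(secret: bytes, seq_num: int, content_type: int, fragment: bytes,
             hash_name: str = "sha1") -> bytes:
    """SSL 3.0 MAC:
    hash(secret + pad_2 + hash(secret + pad_1 + seq_num + type + length + fragment))
    pad_1 is 0x36 repeated, pad_2 is 0x5c repeated; the secret is concatenated, not XORed,
    and the pads are shorter than the hash block size (64 bytes)."""
    n = SSL3_PAD_LEN[hash_name]
    pad1 = b"\x36" * n
    pad2 = b"\x5c" * n
    header = struct.pack("!QBH", seq_num, content_type, len(fragment))  # 64-bit seq, 8-bit type, 16-bit length
    inner = hashlib.new(hash_name, secret + pad1 + header + fragment).digest()
    return hashlib.new(hash_name, secret + pad2 + inner).digest()


def rfc2104_hmac(key: bytes, text: bytes, hash_name: str = "sha1") -> bytes:
    """HMAC built by hand from RFC 2104: H((K xor opad) || H((K xor ipad) || text)).
    The key is padded to the full hash block size and XORed into the pads, so the
    hash function itself is keyed on both the inner and the outer pass."""
    block_size = hashlib.new(hash_name).block_size  # 64 for MD5 and SHA-1
    if len(key) > block_size:
        key = hashlib.new(hash_name, key).digest()
    key = key.ljust(block_size, b"\x00")
    ipad = bytes(b ^ 0x36 for b in key)
    opad = bytes(b ^ 0x5c for b in key)
    inner = hashlib.new(hash_name, ipad + text).digest()
    return hashlib.new(hash_name, opad + inner).digest()


def tls10_mac(secret: bytes, seq_num: int, content_type: int, fragment: bytes,
              hash_name: str = "sha1") -> bytes:
    """TLS 1.0 MAC (RFC 2246 section 6.2.3.1):
    HMAC_hash(secret, seq_num + type + version + length + fragment), version = {3, 1}."""
    header = struct.pack("!QBBBH", seq_num, content_type, 3, 1, len(fragment))
    return rfc2104_hmac(secret, header + fragment, hash_name)


def verify_tls10_record(secret: bytes, seq_num: int, content_type: int, fragment: bytes,
                        received_mac: bytes) -> bool:
    """Receiver-side check; compare_digest avoids leaking where the tags differ."""
    expected = tls10_mac(secret, seq_num, content_type, fragment)
    return hmac.compare_digest(expected, received_mac)


def hand_hmac_matches_stdlib(key: bytes, text: bytes, hash_name: str = "sha1") -> bool:
    """Cross-check the hand-built HMAC against Python's hmac module."""
    return rfc2104_hmac(key, text, hash_name) == hmac.new(key, text, hash_name).digest()


def compare_constructions(secret: bytes, seq_num: int, content_type: int, fragment: bytes) -> dict:
    """Same secret and record under both constructions; the tags never agree,
    which is the concrete reason an SSL 3.0 peer cannot verify a TLS 1.0 record."""
    s = ssl3_mac(secret, seq_num, content_type, fragment)
    t = tls10_mac(secret, seq_num, content_type, fragment)
    return {"ssl3": s.hex(), "tls10": t.hex(), "identical": s == t}


if __name__ == "__main__":
    # Constructed sample values, not taken from any real session.
    SECRET = b"constructed-demo-mac-secret"
    FRAGMENT = b"GET / HTTP/1.0\r\n\r\n"
    result = compare_constructions(SECRET, seq_num=0, content_type=23, fragment=FRAGMENT)
    for name, tag in result.items():
        print(f"{name}: {tag}")
```

The `hand_hmac_matches_stdlib` check is the one worth keeping around: RFC 2202 publishes HMAC-MD5 and HMAC-SHA1 test vectors, and any keyed-hash implementation you write or review should reproduce them before it is trusted with record integrity.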

Note

Although their differences are minor, TLS 1.0 and SSL 3.0 do not interoperate. Unless both parties support the same protocol, they must negotiate a protocol they have in common before they can communicate successfully.
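The negotiation the note describes, as an added example that is not Schannel code or code from the original paper. It follows the version-selection rule of RFC 2246, Appendix E: the client advertises the highest version it has enabled, the server answers with the highest version it has enabled that is not above the client's offer, and the client then accepts only a version it has itself enabled. The per-party "enabled" sets stand in for the protocol settings of each side and are assumptions of the example; when the two sets share nothing, the result is `None`, which corresponds to a failed handshake.

```python
"""SSL/TLS protocol version negotiation (RFC 2246, Appendix E). Added example."""
from typing import Optional, Set, Tuple

Version = Tuple[int, int]
SSL_3_0: Version = (3, 0)
TLS_1_0: Version = (3, 1)
NAMES = {SSL_3_0: "SSL 3.0", TLS_1_0: "TLS 1.0"}


def client_hello_version(client_enabled: Set[Version]) -> Version:
    """The ClientHello carries the highest version the client is willing to speak."""
    return max(client_enabled)


def server_select(offered: Version, server_enabled: Set[Version]) -> Optional[Version]:
    """The server picks the highest version it has enabled that does not exceed the offer;
    None means it would send a protocol_version alert and abort the handshake."""
    candidates = [v for v in server_enabled if v <= offered]
    return max(candidates) if candidates else None


def negotiate(client_enabled: Set[Version], server_enabled: Set[Version]) -> Optional[Version]:
    """Run both halves of the rule and return the agreed version, or None on failure."""
    if not client_enabled or not server_enabled:
        return None
    chosen = server_select(client_hello_version(client_enabled), server_enabled)
    # The client must also accept the server's choice: a TLS-only client rejects
    # a ServerHello that downgrades it to SSL 3.0, so the handshake fails.
    if chosen is None or chosen not in client_enabled:
        return None
    return chosen


def describe(client_enabled: Set[Version], server_enabled: Set[Version]) -> str:
    """Human-readable outcome for an administrator checking a client/server pairing."""
    chosen = negotiate(client_enabled, server_enabled)
    return "handshake fails: no common protocol" if chosen is None else f"agreed on {NAMES[chosen]}"


if __name__ == "__main__":
    # Constructed pairings that mirror the note: mismatched single-protocol peers fail,
    # peers that share a protocol agree on the highest one both enable.
    print(describe({TLS_1_0}, {SSL_3_0}))
    print(describe({SSL_3_0}, {TLS_1_0}))
    print(describe({SSL_3_0, TLS_1_0}, {SSL_3_0}))
    print(describe({SSL_3_0, TLS_1_0}, {SSL_3_0, TLS_1_0}))
```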

Benefits of SSL/TLS

SSL/TLS provides numerous benefits to clients and servers, including:

Strong authentication, message privacy, and integrity. The primary feature of SSL/TLS is the ability to secure transmitted data using encryption. SSL/TLS also offers server authentication and, optionally, client authentication to prove the identities of parties engaged in secure communication. It also provides data integrity through an integrity check value. In addition to protecting against data disclosure through encryption, the SSL/TLS security protocol can be used to protect against masquerade attacks, man-in-the-middle or bucket brigade attacks, rollback attacks, and replay attacks.

Interoperability. SSL/TLS works with most Web browsers, including Microsoft Internet Explorer and Netscape Navigator, and on most operating systems and Web servers including the Microsoft® Windows operating system, UNIX, Novell, Apache (version 1.3 and later), Netscape Enterprise Server, and Sun Solaris. In addition, it is often integrated in news readers, LDAP servers, and a variety of other applications.

Algorithm flexibility. SSL/TLS provides options for the authentication mechanisms, encryption algorithms, and hashing algorithms that will be used during the secure session.

Ease of deployment. SSL/TLS is used transparently by many applications on Windows Server 2003. Using SSL for secure browsing when using Internet Explorer and Internet Information Services (IIS) is as easy as selecting a check box.

Ease of use. Because SSL/TLS is implemented beneath the application layer, most of its operations are completely invisible to the client. This allows the client to have little or no knowledge of secure communications and still be protected from attackers.

Drawbacks of SSL/TLS

There are a few drawbacks to using SSL/TLS, including:

Increased processor load. This is the most significant drawback to implementing SSL/TLS. Cryptographic operations, specifically public key operations, are CPU intensive. As a result, there is a performance penalty when using SSL. Unfortunately, there is no single answer to the frequently asked question: how much of a performance penalty? The penalty varies widely depending on how often connections are established and how long they last. The greatest overhead occurs while connections are being set up.

Administrative overhead. An SSL/TLS environment is complex and requires maintenance; the system administrator needs to configure the system and manage certificates.