TLS/SSL Security Considerations
Updated: June 12, 2014
Applies To: Windows Vista, Windows Server 2008, Windows 7, Windows 8.1, Windows Server 2008 R2, Windows Server 2012 R2, Windows Server 2012, Windows 8
This reference topic for the IT professional describes the known security issues and mitigations for the Schannel Security Support Provider (SSP), the Transport Layer Security (TLS) protocol, and the Secure Sockets Layer (SSL) protocol.
Security objectives fit into three functional categories: confidentiality, integrity, and availability. Availability can further be divided into protecting data from disclosure to unauthorized users or data corruption, and the unintended prevention of access to authorized users.
The TLS and SSL protocols are based on public key cryptography. The Schannel authentication protocol suite provides these protocols. All Schannel protocols use a client computer and server model. For more information about the Schannel SSP, see What are TLS, SSL, and Schannel?
The following table lists the possible risks to these security objectives when you implement the Schannel SSP.
SSL 2.0 is disabled by default on the Windows client versions designated in the Applies To list at the beginning of this topic.
Protocol and version
Description of Vulnerability
A spoofing vulnerability exists in the TLS/SSL protocol, which is implemented in the Windows Schannel authentication component. A malicious user who successfully exploits this vulnerability could introduce information on a TLS/SSL-protected connection, effectively sending traffic that spoofs the authenticated client.
Attacks on the most commonly used ciphers and modes of operation.
Attacks described include:
This vulnerability affects the protocol itself, and it is not specific to the Windows operating system. The vulnerability could allow information disclosure if an attacker intercepts encrypted web traffic served from an affected system. TLS 1.1, TLS 1.2, and all cipher suites that do not use cipher-block chaining (CBC) mode are not affected.