TLS/SSL Cryptographic Enhancements

Overview

Microsoft has added new TLS extensions that enable the support of both AES and new ECC (elliptic curve cryptography) cipher suites. In addition, custom cryptographic mechanisms can now be implemented and used with Schannel as custom cipher suites. Schannel is the Windows security package that implements TLS and SSL.

AES cipher suites

The support for AES (which is not available in Microsoft Windows® 2000 Server or Windows Server 2003) is important because AES has become a National Institute of Standards and Technology (NIST) standard. To ease the process of bulk encryption, cipher suites that support AES have been added. The following list is the subset of TLS AES cipher suites defined in Request for Comments (RFC) 3268, "Advanced Encryption Standard (AES) Ciphersuites for Transport Layer Security (TLS)," (https://go.microsoft.com/fwlink/?LinkId=105879) that are available in Windows Vista:

  • TLS_RSA_WITH_AES_128_CBC_SHA
  • TLS_RSA_WITH_AES_256_CBC_SHA
  • TLS_DHE_DSS_WITH_AES_128_CBC_SHA
  • TLS_DHE_DSS_WITH_AES_256_CBC_SHA

Requirements

To negotiate these new cipher suites, the client and server computers must be running either Windows Vista or Windows Server 2008.

Configure AES

For information about the registry entries used to configure TLS/SSL ciphers in previous versions of Windows, see TLS/SSL Tools and Settings (https://go.microsoft.com/fwlink/?LinkId=105880). These settings are only available for cipher suites included with Windows operating systems earlier than Windows Vista and are not supported for AES. Cipher preferences are configured in Windows Vista by enabling the SSL Cipher Suite Order policy setting in Administrative Templates\Network\SSL Configuration Settings.

Note

The Windows Vista–based computer must be restarted for any setting changes to take effect.

ECC cipher suites

ECC is a key-generation technique that is based on elliptic curve theory and is used to create more efficient and smaller cryptographic keys. ECC key generation differs from the traditional method that uses the product of very large prime numbers to create keys. Instead, ECC uses an elliptic curve equation to create keys. ECC keys are approximately six times smaller than the equivalent strength traditional keys, which significantly reduces the computations that are needed during the TLS handshake to establish a secure connection.

In Windows Vista, the Schannel security service provider includes new cipher suites that support ECC cryptography. ECC cipher suites can now be negotiated as part of the standard TLS handshake. The subset of ECC cipher suites defined in RFC 4492, "Elliptic Curve Cryptography (ECC) Cipher Suites for Transport Layer Security (TLS)," (https://go.microsoft.com/fwlink/?LinkId=105881) that are available in Windows Vista is shown in the following list:

  • TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA_P256
  • TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA_P384
  • TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA_P521
  • TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA_P256
  • TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA_P384
  • TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA_P521
  • TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA_P256
  • TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA_P384
  • TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA_P521
  • TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA_P256
  • TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA_P384
  • TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA_P521

The ECC cipher suites use three NIST curves: P-256 (secp256r1), P-384 (secp384r1), and P-521 (secp521r1).

Requirements

To use the ECDHE_ECDSA cipher suites, ECC certificates must be used. Rivest-Shamir-Adleman (RSA) certificates can be used to negotiate the ECDHE_RSA cipher suites. Additionally, the client and server computers must be running either Windows Vista or Windows Server 2008.

Configure ECC cipher suites

Cipher preferences are configured in Windows Vista by using the SSL Cipher Suite Order policy setting in Administrative Templates\Network\SSL Configuration Settings.

Note

The Windows Vista–based computer must be restarted for these settings to take effect.

Schannel CNG provider model

Microsoft introduced a new implementation of the cryptographic libraries with Windows Vista that is referred to as Cryptography Next Generation, or CNG. CNG allows for an extensible provider model for cryptographic algorithms.

Schannel, which is Microsoft's implementation of TLS/SSL for Windows Server 2008 and Windows Vista, uses CNG so that any underlying cryptographic mechanisms can be used. This allows organizations to create new cipher suites, or reuse existing ones, for use with Schannel. The new cipher suites included with Windows Server 2008 and Windows Vista are only available to applications running in user mode.

Requirements

Because both the client and server computers must be able to negotiate the same TLS/SSL cipher, the Schannel CNG feature requires that the same custom cipher be configured on both the client and server computers, which must be running Windows Server 2008 or Windows Vista. In addition, the custom cipher must be prioritized above other ciphers that could be negotiated.

Configure custom cipher suites

Cipher preferences, including preferences for custom cipher suites, are configured in Windows Vista by using the SSL Cipher Suite Order policy setting in Administrative Templates\Network\SSL Configuration Settings.

Note

The Windows Vista–based computer must be restarted for these settings to take effect.

Default cipher suite preference

Windows Vista prioritizes the complete list of TLS and SSL cipher suites as shown in the following table. The cipher suite negotiated will be the highest-listed cipher suite that is supported by both the client and the server computers.

Prioritized list of TLS and SSL cipher suites

  1. TLS_RSA_WITH_AES_128_CBC_SHA
  2. TLS_RSA_WITH_AES_256_CBC_SHA
  3. TLS_RSA_WITH_RC4_128_SHA
  4. TLS_RSA_WITH_3DES_EDE_CBC_SHA
  5. TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA_P256
  6. TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA_P384
  7. TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA_P521
  8. TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA_P256
  9. TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA_P384
  10. TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA_P521
  11. TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA_P256
  12. TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA_P384
  13. TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA_P521
  14. TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA_P256
  15. TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA_P384
  16. TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA_P521
  17. TLS_DHE_DSS_WITH_AES_128_CBC_SHA
  18. TLS_DHE_DSS_WITH_AES_256_CBC_SHA
  19. TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA
  20. TLS_RSA_WITH_RC4_128_MD5
  21. SSL_CK_RC4_128_WITH_MD5
  22. SSL_CK_DES_192_EDE3_CBC_WITH_MD5
  23. TLS_RSA_WITH_NULL_MD5
  24. TLS_RSA_WITH_NULL_SHA
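
The selection rule and default order above, modeled as an added example (not Microsoft's code): it shows which suite the default order yields for different peers, flags entries by name fragment, and derives a stricter order. The weakness labels, the preference for ephemeral key exchange in `hardened`, and the peer capability list are assumptions of this example.

```python
# Default Windows Vista priority order, transcribed from the table above.
ECC = [f"TLS_ECDHE_{auth}_WITH_AES_{bits}_CBC_SHA_{curve}"
       for auth in ("ECDSA", "RSA") for bits in (128, 256)
       for curve in ("P256", "P384", "P521")]
DEFAULT_ORDER = [
    "TLS_RSA_WITH_AES_128_CBC_SHA", "TLS_RSA_WITH_AES_256_CBC_SHA",
    "TLS_RSA_WITH_RC4_128_SHA", "TLS_RSA_WITH_3DES_EDE_CBC_SHA", *ECC,
    "TLS_DHE_DSS_WITH_AES_128_CBC_SHA", "TLS_DHE_DSS_WITH_AES_256_CBC_SHA",
    "TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA", "TLS_RSA_WITH_RC4_128_MD5",
    "SSL_CK_RC4_128_WITH_MD5", "SSL_CK_DES_192_EDE3_CBC_WITH_MD5",
    "TLS_RSA_WITH_NULL_MD5", "TLS_RSA_WITH_NULL_SHA",
]

# Name fragments this example treats as weak (an assumption of the example,
# not a classification made on the page).
WEAK = {"_NULL_": "no encryption", "RC4": "RC4", "DES": "DES/3DES",
        "MD5": "MD5 MAC", "SSL_CK_": "SSL 2.0 suite", "EXPORT": "export-grade"}

def weaknesses(suite):
    """Return the reasons a suite name is flagged, in WEAK's order."""
    return [why for fragment, why in WEAK.items() if fragment in suite]

def negotiate(order, client, server):
    """Highest-listed suite in `order` that both peers support, else None."""
    common = set(client) & set(server)
    return next((s for s in order if s in common), None)

def audit(order):
    """(priority, suite, reasons) for every flagged entry in the order."""
    return [(n, s, weaknesses(s)) for n, s in enumerate(order, 1) if weaknesses(s)]

def hardened(order):
    """Drop flagged suites; list ephemeral (EC)DHE key exchange first."""
    strong = [s for s in order if not weaknesses(s)]
    return sorted(strong, key=lambda s: "DHE" not in s)  # stable sort

if __name__ == "__main__":
    legacy_peer = ["TLS_RSA_WITH_NULL_SHA"]  # constructed peer capability list
    print("both default  :", negotiate(DEFAULT_ORDER, DEFAULT_ORDER, DEFAULT_ORDER))
    print("NULL-only peer:", negotiate(DEFAULT_ORDER, legacy_peer, DEFAULT_ORDER))
    print("after hardening:",
          negotiate(hardened(DEFAULT_ORDER), legacy_peer, DEFAULT_ORDER))
    for n, suite, reasons in audit(DEFAULT_ORDER):
        print(f"{n:>2} {suite}: {', '.join(reasons)}")
```

With the default order, two fully capable peers settle on the first entry rather than an ECDHE suite, and a peer offering only a NULL suite still completes negotiation; the reordered list returns no match for that peer.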

Previous cipher suites

The Microsoft Schannel provider supports the cipher suites listed in the following table, but they are not enabled by default.

Previous cipher suites

  1. RSA_EXPORT_RC4_40_MD5
  2. RSA_EXPORT1024_RC4_56_SHA
  3. RSA_EXPORT1024_DES_CBC_SHA
  4. SSL_CK_RC4_128_EXPORT40_MD5
  5. SSL_CK_DES_64_CBC_WITH_MD5
  6. RSA_DES_CBC_SHA
  7. RSA_RC4_128_MD5
  8. RSA_RC4_128_SHA
  9. RSA_3DES_EDE_CBC_SHA
  10. RSA_NULL_MD5
  11. RSA_NULL_SHA
  12. DHE_DSS_EXPORT1024_DES_SHA
  13. DHE_DSS_DES_CBC_SHA
  14. DHE_DSS_3DES_EDE_CBC_SHA

To enable any of these cipher suites, use the SSL Cipher Suite Order policy setting in Administrative Templates\Network\SSL Configuration Settings.

Note

Enabling any of these SSL cipher suites is not recommended. Future versions of Windows might not support these cipher suites.

See Also

Concepts

Windows Vista Authentication Features