TLS/SSL Security Considerations
Applies To: Windows Vista, Windows Server 2008, Windows 7, Windows 8.1, Windows Server 2008 R2, Windows Server 2012 R2, Windows Server 2012, Windows 8
This reference topic for the IT professional describes the known security issues and mitigations for the Schannel Security Support Provider (SSP), the Transport Layer Security (TLS) protocol, and the Secure Sockets Layer (SSL) protocol.
Security objectives fit into three functional categories: confidentiality, integrity, and availability. Availability can further be divided into protecting data from disclosure to unauthorized users or data corruption, and the unintended prevention of access to authorized users.
The TLS and SSL protocols are based on public key cryptography. The Schannel authentication protocol suite provides these protocols, and all Schannel protocols use a client/server model. For more information about the Schannel SSP, see What are TLS, SSL, and Schannel?
The following table lists the possible risks to these security objectives when you implement the Schannel SSP.
Note
SSL 2.0 is disabled by default on the Windows client versions designated in the Applies To list at the beginning of this topic.
| Protocol and version | Description of vulnerability | Resources |
|---|---|---|
| SSL 3.0, TLS 1.0 | A spoofing vulnerability exists in the TLS/SSL protocol, which is implemented in the Windows Schannel authentication component. A malicious user who successfully exploits this vulnerability could introduce information on a TLS/SSL-protected connection, effectively sending traffic that spoofs the authenticated client. | |
| TLS, DTLS | Attacks on the most commonly used ciphers and modes of operation. | |
| TLS, SSL 3.0 | Attacks described include: | |
| SSL 3.0, TLS 1.0 | This vulnerability affects the protocol itself, and it is not specific to the Windows operating system. The vulnerability could allow information disclosure if an attacker intercepts encrypted web traffic served from an affected system. TLS 1.1, TLS 1.2, and all cipher suites that do not use cipher-block chaining (CBC) mode are not affected. | |