The SSL (Secure Sockets Layer) protocol and its successor, TLS (Transport Layer Security), can be used to secure many types of Internet services, such as web, FTP, and e-mail communication. SSL/TLS handles negotiation of cryptographic keys and cryptographic algorithms (ciphers), but the security of the TLS connection is both ensured and bound by the ciphers available for negotiation. To ensure security, weak encryption must be disabled and strong ciphers must be available and configured.
The 2003 server supports weak SSL/TLS ciphers in its default configuration. This is not an issue in the 2008 server. On the contrary, the 2008 server offers new and more secure setups for SSL/TLS.
The 2008 server
Windows Server 2008 was first available in February 2008, and later in R2 in July 2009. It introduces exciting new technologies such as AppFabric (high performance cache), and significant updates in IIS 7.5. In addition, the 2008 server can be installed with a server core setup where the attack surface of the server has been reduced significantly, essentially offering only a console on the server. For those who work in a pure Microsoft environment, but occasionally miss Linux and *BSD servers (like myself), the server core installation might be the answer.
2008 Server includes Microsoft's new cryptographic framework, code named Cryptography Next Generation (CNG). CNG was developed to meet updated requirements from NSA for cryptographic software used by the U.S. government and constitutes a major update to the cryptographic support offered by the Windows Server product line.
SSL/TLS, 2003 vs 2008
The 2008 server offers up-to-date cryptographic capabilities, as shown by the following table (green cells indicate support):
| Server 2003 | Server 2008 | Cipher suite | Cipher | Key length (bits) |
|---|---|---|---|---|
| | | TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA | AES | 256 |
| | | TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA | AES | 256 |
| " | | TLS_RSA_WITH_AES_256_CBC_SHA | AES | 256 |
| | | TLS_DHE_DSS_WITH_AES_256_CBC_SHA | AES | 256 |
| | | TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA | AES | 128 |
| | | TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA | AES | 128 |
| | | TLS_DHE_DSS_WITH_AES_128_CBC_SHA | AES | 128 |
| " | | TLS_RSA_WITH_AES_128_CBC_SHA | AES | 128 |
| | | TLS_RSA_WITH_RC4_128_MD5 | RC4 | 128 |
| | | TLS_RSA_WITH_RC4_128_SHA | RC4 | 128 |
| | | TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA | 3DES | 112 |
| | | TLS_RSA_WITH_3DES_EDE_CBC_SHA | 3DES | 112 |
The list includes ciphers that can be safely enabled in the SSL/TLS configuration; weak ciphers have been left out. Note that AES is the industry standard for the future, and is supported by the 2008 server, but not by the 2003 server unless installed as a hotfix. The table shows that the 2008 server offers many more cipher suites. It is reasonable to assume that the 2003 server will never support all these algorithms, especially in light of its AES hotfix, which only adds two of these.
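To check a server against the table, the following added example (not part of the original post) compares a Schannel cipher suite order with the suites listed above and flags everything else. The registry location is where the "SSL Cipher Suite Order" Group Policy setting stores its value; the function name `Test-CipherSuiteOrder` and the sample order string are constructed for illustration, and the code sticks to PowerShell 2.0 syntax.

```powershell
# Added example: audit a cipher suite order against the table in this post.
# Suites copied from the table above.
$Listed = @(
    'TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA', 'TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA',
    'TLS_RSA_WITH_AES_256_CBC_SHA',         'TLS_DHE_DSS_WITH_AES_256_CBC_SHA',
    'TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA', 'TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA',
    'TLS_DHE_DSS_WITH_AES_128_CBC_SHA',     'TLS_RSA_WITH_AES_128_CBC_SHA',
    'TLS_RSA_WITH_RC4_128_MD5',             'TLS_RSA_WITH_RC4_128_SHA',
    'TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA',    'TLS_RSA_WITH_3DES_EDE_CBC_SHA'
)

# Hypothetical helper: returns one object per configured suite, in priority order.
function Test-CipherSuiteOrder {
    param([string]$Order)
    $position = 0
    foreach ($entry in $Order.Split(',')) {
        $name = $entry.Trim()
        if ($name -eq '') { continue }
        $position++
        # Schannel on Server 2008 appends the curve to ECDHE suites (_P256, _P384, _P521).
        $base = $name -replace '_P(256|384|521)$', ''
        $inTable = $Listed -contains $base
        # ECDHE and DHE suites use ephemeral keys (forward secrecy).
        $ephemeral = $base -match '^TLS_(ECDHE|DHE)_'
        New-Object PSObject -Property @{
            Position = $position; Suite = $name; InTable = $inTable; Ephemeral = $ephemeral
        } | Select-Object Position, Suite, InTable, Ephemeral
    }
}

# Value written by the "SSL Cipher Suite Order" Group Policy setting, if configured.
$key  = 'HKLM:\SOFTWARE\Policies\Microsoft\Cryptography\Configuration\SSL\00010002'
$live = (Get-ItemProperty -Path $key -Name Functions -ErrorAction SilentlyContinue).Functions

# Constructed sample order, used when no policy value is present.
$sample = 'TLS_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA_P384,' +
          'TLS_RSA_WITH_RC4_128_MD5,TLS_RSA_WITH_DES_CBC_SHA,TLS_RSA_WITH_NULL_SHA,' +
          'SSL_CK_DES_64_CBC_WITH_MD5'

$order = $sample
if ($live) { $order = @($live) -join ',' }

$report = Test-CipherSuiteOrder -Order $order
$report | Format-Table -AutoSize
# Suites that are configured but absent from the table are candidates for removal.
$report | Where-Object { -not $_.InTable } | ForEach-Object { "Not in table: $($_.Suite)" }
```

With the constructed sample, the last three entries (DES, NULL and the SSL 2.0 suite) are reported as not in the table.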
When comparing support for SSL/TLS protocol versions, the 2008 server comes out on top, with its support for SSL 3.0, and TLS versions up to 1.2. The 2003 server supports SSL 3.0 and TLS 1.0.
So, the lesson learned here is: If you want state-of-the-art cryptographic support, upgrade your 2003 servers to 2008!