This shows you the differences between two versions of the page.
Next revision | Previous revisionNext revisionBoth sides next revision | ||
software:win:sec:enabletls [2015/05/13 00:52] – создано root | software:win:sec:enabletls [2015/05/13 00:57] – [Дополнительные настройки TLS/SSL] root | ||
---|---|---|---|
Line 133: | Line 133: | ||
при этом 1.1 и 1.2 они оставляют в подвешенном состоянии.\\ | при этом 1.1 и 1.2 они оставляют в подвешенном состоянии.\\ | ||
- | **Отключаем SSL2 и SSL3** | + | ==== Отключаем SSL2 и SSL3 ==== |
< | < | ||
Line 154: | Line 154: | ||
" | " | ||
- | **Включаем TLS 1.1 и 1.2** | + | ==== Включаем TLS 1.1 и 1.2 ==== |
< | < | ||
Line 214: | Line 214: | ||
- | И на последок, | + | ===== Утилита ===== |
- | <img src=" | + | И на последок, |
+ | {{:ru: | ||
Line 222: | Line 223: | ||
* Many applications that use schannel are written so that the receiver side assumes application data will be packed into a single packet. This occurs even though the application calls schannel for decryption. The applications ignore a flag that is set by schannel. The flag indicates to the application that there is more data to be decrypted and picked up by the receiver. **This method does not follow the MSDN-prescribed method of using schannel. Because the security update enforces record-splitting, | * Many applications that use schannel are written so that the receiver side assumes application data will be packed into a single packet. This occurs even though the application calls schannel for decryption. The applications ignore a flag that is set by schannel. The flag indicates to the application that there is more data to be decrypted and picked up by the receiver. **This method does not follow the MSDN-prescribed method of using schannel. Because the security update enforces record-splitting, | ||
* **Broken applications include Microsoft products and in-box components.** The following are examples of scenarios that may be broken when the SendExtraRecord registry value is set to 1: | * **Broken applications include Microsoft products and in-box components.** The following are examples of scenarios that may be broken when the SendExtraRecord registry value is set to 1: | ||
- | ** All SQL products, and applications that are built onto SQL. | + | * All SQL products, and applications that are built onto SQL.\\ |
- | ** Terminal Servers that have Network Level Authentication (NLA) turned on. By default, NLA is enabled in Windows Vista and later versions of Windows. | + | * Terminal Servers that have Network Level Authentication (NLA) turned on. By default, NLA is enabled in Windows Vista and later versions of Windows.\\ |
- | ** Some Routing Remote Access Service (RRAS) scenarios. | + | * Some Routing Remote Access Service (RRAS) scenarios.\\ |