software:win:sec:enabletls

Differences

This shows you the differences between two versions of the page.

software:win:sec:enabletls [2015/05/13 00:53]
– [PS] root
software:win:sec:enabletls [2015/05/13 00:57]
– [Additional TLS/SSL settings] root
Line 133: Line 133:
 при этом 1.1 и 1.2 они оставляют в подвешенном состоянии.\\ при этом 1.1 и 1.2 они оставляют в подвешенном состоянии.\\
  
-**Отключаем SSL2 и SSL3**+==== Отключаем SSL2 и SSL3 ====
 <code>[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0] <code>[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0]
  
Line 154: Line 154:
 "Enabled"=dword:00000000</code> "Enabled"=dword:00000000</code>
  
-**Включаем TLS 1.1 и 1.2**+==== Включаем TLS 1.1 и 1.2 ====
 <code>[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1] <code>[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1]
  
Line 214: Line 214:
  
  
-И на последок, есть такая утилита: [[https://www.nartac.com/Products/IISCrypto/Default.aspx]] +===== Утилита ===== 
-<img src="http://habrastorage.org/getpro/habr/post_images/4bf/243/ebf/4bf243ebfc01431c20aba2e39612514c.png" alt="image"/>+И на последок, есть такая утилита: [[https://www.nartac.com/Products/IISCrypto/Default.aspx]]\\ 
 +{{:ru:software:win:sec:iis_crypto.png|}}
  
  
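Review bot: the new embed `{{:ru:software:win:sec:iis_crypto.png|}}` leaves the caption after `|` empty, so the `alt="image"` of the removed `<img>` tag is dropped with nothing in its place; give it a short caption such as the tool's name. The media path is under the `ru:` namespace while the page id in the header is `software:win:sec:enabletls`, so confirm the file was uploaded to that namespace, otherwise the image will not resolve. On the added sentence line, the link is still a bare URL (a label after `|` inside `[[...]]` would read better) and "на последок" is carried over misspelled; it should be "напоследок".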
Line 222: Line 223:
   * Many applications that use schannel are written so that the receiver side assumes application data will be packed into a single packet. This occurs even though the application calls schannel for decryption. The applications ignore a flag that is set by schannel. The flag indicates to the application that there is more data to be decrypted and picked up by the receiver. **This method does not follow the MSDN-prescribed method of using schannel. Because the security update enforces record-splitting, this breaks such applications.**   * Many applications that use schannel are written so that the receiver side assumes application data will be packed into a single packet. This occurs even though the application calls schannel for decryption. The applications ignore a flag that is set by schannel. The flag indicates to the application that there is more data to be decrypted and picked up by the receiver. **This method does not follow the MSDN-prescribed method of using schannel. Because the security update enforces record-splitting, this breaks such applications.**
   * **Broken applications include Microsoft products and in-box components.** The following are examples of scenarios that may be broken when the SendExtraRecord registry value is set to 1:   * **Broken applications include Microsoft products and in-box components.** The following are examples of scenarios that may be broken when the SendExtraRecord registry value is set to 1:
- * All SQL products, and applications that are built onto SQL. + * All SQL products, and applications that are built onto SQL.\\ 
- * Terminal Servers that have Network Level Authentication (NLA) turned on. By default, NLA is enabled in Windows Vista and later versions of Windows. + * Terminal Servers that have Network Level Authentication (NLA) turned on. By default, NLA is enabled in Windows Vista and later versions of Windows.\\ 
- * Some Routing Remote Access Service (RRAS) scenarios.+ * Some Routing Remote Access Service (RRAS) scenarios.\\
  
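Review bot: the trailing `\\` added to the three sub-items under "Broken applications include..." works around a layout problem rather than fixing it. As shown in this view, those lines have a single space before `*`, less than the two spaces of the parent bullets, and DokuWiki needs at least two spaces of indentation to treat a line as a list item. Indenting them by four spaces would render them as a nested list under the parent bullet and make the forced line breaks unnecessary; the `\\` on the last item ("Some Routing Remote Access Service (RRAS) scenarios.") has no following line to break from in any case.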
software/win/sec/enabletls.txt · Last modified: 2022/02/05 04:38 by root