This shows you the differences between two versions of the page.
Both sides previous revisionPrevious revisionNext revision | Previous revisionNext revisionBoth sides next revision | ||
software:win:sec:enabletls [2015/05/13 00:53] – [PS] root | software:win:sec:enabletls [2015/05/13 00:55] – [Включение/отключение протоколов TLS/SSL] root | ||
---|---|---|---|
Line 133: | Line 133: | ||
при этом 1.1 и 1.2 они оставляют в подвешенном состоянии.\\ | при этом 1.1 и 1.2 они оставляют в подвешенном состоянии.\\ | ||
- | **Отключаем SSL2 и SSL3** | + | ==== Отключаем SSL2 и SSL3 ==== |
< | < | ||
Line 154: | Line 154: | ||
" | " | ||
- | **Включаем TLS 1.1 и 1.2** | + | ==== Включаем TLS 1.1 и 1.2 ==== |
< | < | ||
Line 222: | Line 222: | ||
* Many applications that use schannel are written so that the receiver side assumes application data will be packed into a single packet. This occurs even though the application calls schannel for decryption. The applications ignore a flag that is set by schannel. The flag indicates to the application that there is more data to be decrypted and picked up by the receiver. **This method does not follow the MSDN-prescribed method of using schannel. Because the security update enforces record-splitting, | * Many applications that use schannel are written so that the receiver side assumes application data will be packed into a single packet. This occurs even though the application calls schannel for decryption. The applications ignore a flag that is set by schannel. The flag indicates to the application that there is more data to be decrypted and picked up by the receiver. **This method does not follow the MSDN-prescribed method of using schannel. Because the security update enforces record-splitting, | ||
* **Broken applications include Microsoft products and in-box components.** The following are examples of scenarios that may be broken when the SendExtraRecord registry value is set to 1: | * **Broken applications include Microsoft products and in-box components.** The following are examples of scenarios that may be broken when the SendExtraRecord registry value is set to 1: | ||
- | * All SQL products, and applications that are built onto SQL. | + | * All SQL products, and applications that are built onto SQL.\\ |
- | * Terminal Servers that have Network Level Authentication (NLA) turned on. By default, NLA is enabled in Windows Vista and later versions of Windows. | + | * Terminal Servers that have Network Level Authentication (NLA) turned on. By default, NLA is enabled in Windows Vista and later versions of Windows.\\ |
- | * Some Routing Remote Access Service (RRAS) scenarios. | + | * Some Routing Remote Access Service (RRAS) scenarios.\\ |