There have few discussion about vulnerability in TLS ( Transport Layer Security ) v1.0 recently, there have security concern over TLS 1.0 when two researchers are demostrating their method "BEAST" to bypass and breaking an encrypted PalPal cookies during Ekoparty conference. This topic also posted in THE REGISTER - "Hackers break SSL encryption used by millions of sites - Beware of BEAST decrypting secret PayPal cookies"
This attack only works for communication encrypted with TLS 1.0 or less version. Currently there have two client browsers support TLS 1.2 which Opera and IE9 only.
By Default, Windows 7 support TLS 1.1 and TLS 1.2 protocol. To enable the use of protocols that will not negotiated by default.Change the DWORD value data of the DisabledByDefault value to 0x0 in each of the following registry keys under Protocols key.
SCHANNEL\Protocols\TLS 1.1\Client
SCHANNEL\Protocols\TLS 1.1\Server
SCHANNEL\Protocols\TLS 1.2\Client
SCHANNEL\Protocols\TLS 1.2\Server
Those Subkey are located under "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL "
Details about thoe to Restrict the Use of Certain Cryptographic Algorithms can be found from Microsoft Support. http://support.microsoft.com/kb/245030
To verify the changes, you may try to test it out on few TLS interop servers in internet.
- http://www.mikestoolbox.org - Detect client browser TLS version.
- http://tls.secg.org/index1.php?action=preconnect - Certicom’s interop server which shows you details about the entire handshake.
- http://tls.woodgrovebank.com - Microsoft’s TLS interop server
Updated 13-Oct-2011:
- Apple iOS 5 added support for TLS1.2
0 comments:
Post a Comment