Schannel cipher suites and ChaCha20
Is there a blog or other communications channel devoted to the PKI internals of Windows? Most security researchers focus on Linux web servers/OpenSSL, but there are folks in the Windows world who really care about this stuff too, and we'd like to hear about what the Windows PKI developers are working on and planning, and perhaps interact with comments and suggestions.

Because I couldn't find any discussion about Schannel development, I started a feature suggestion on the Windows User Voice site for Microsoft to add ChaCha20-Poly1305 cipher suites to Schannel, mostly for the benefit of mobile visitors to IIS websites, but also to help Windows phones and tablets that don't have integrated CPU extensions for GCM encryption (improved speed and reduced power consumption).

It's frustrating to be a security-focused IIS website administrator. Schannel is a "black box" that we can't tinker with or extend ourselves, and support for modern ciphers has been lagging behind other website and client software (it looks like we'll at least finally get strong and forward secret ECDHE_RSA + AES + GCM suites with Windows 10 and Server vNext/2016). The methods for configuring cipher suite orders and TLS versions could really use a rethink too (thank goodness for IISCrypto).
April 23rd, 2015 6:28pm

Hi Jamie_E,

Maybe the following articles can help you:

Cipher Suites in Schannel

http://msdn.microsoft.com/en-us/library/windows/desktop/aa374757%28v=vs.85%29.aspx

Managing SSL for a Client Access Server

http://technet.microsoft.com/en-us/library/bb310795.aspx

Configuring Secure Sockets Layer in IIS 7

http://technet.microsoft.com/en-us/library/cc771438(WS.10).aspx

How to enable Schannel event logging in IIS

https://vkbexternal.partners.extranet.microsoft.com/VKBWeb/?portalId=1#

How to restrict the use of certain cryptographic algorithms and protocols in Schannel.dll

http://support.microsoft.com/kb/245030/EN-US

I'm glad to be of help to you!

April 26th, 2015 11:26pm

This topic is archived. No further replies will be accepted.
