Forum Discussion
Windows Server vNext - TLS improvements, make TLS 1.2 the minimum standard for different areas.
Hi Server Team, it is great to see that Server vNext has enabled only TLS 1.2 and TLS 1.3 left experimental state in Internet Options (Windows System / IE) However the remark from AriaUpdated ...
Dear Server Team,
testing on build 20317 it still seems the OS is not configured securely except from Internet Explorer Options.
This includes the default config to enable and enforce TLS 1.2:
- SChannel Client and Server (including dependencies to IIS)
- PowerShell 5.1
- .net 3.5
- .net 4.x
- WinHTTP
Imho securing IE options is not enough. Are there any plans to improve the situation for Windows 10 21H2 and Server 2022 LTSC / Windows 10 2022 LTSC?
If needed I could provide you 2 sets of configurations that are considered secure and compatible with Windows 10 clients / server and another one still allowing Win7 / 2008R2 (only a difference of one ciphersuite.
testing on build 20317 it still seems the OS is not configured securely except from Internet Explorer Options.
This includes the default config to enable and enforce TLS 1.2:
- SChannel Client and Server (including dependencies to IIS)
- PowerShell 5.1
- .net 3.5
- .net 4.x
- WinHTTP
Imho securing IE options is not enough. Are there any plans to improve the situation for Windows 10 21H2 and Server 2022 LTSC / Windows 10 2022 LTSC?
If needed I could provide you 2 sets of configurations that are considered secure and compatible with Windows 10 clients / server and another one still allowing Win7 / 2008R2 (only a difference of one ciphersuite.