TLS server authentication: Deprecation of weak RSA certificates
Published May 09 2024 10:00 AM 10.9K Views
Microsoft

TLS server authentication is becoming more secure across Windows. Weak RSA key lengths for certificates will be deprecated on future Windows OS releases later this year. Specifically, this affects TLS server authentication certificates chaining to roots in the Microsoft Trusted Root Program. Please read on to learn more about the upcoming changes.

Deprecation of weak RSA key lengths

TLS server authentication certificates are used to verify the identity of the server to a client and to establish secure connections between client and server. So far, you've been able to use 1024 bits as the shortest key length for RSA encryption. However, 1024-bit key lengths today provide insufficient security given the advancement of computing power and cryptanalysis techniques. Therefore, they will be discontinued in the last quarter of this calendar year.

Here's a timeline of the journey toward key lengths of 2048 bits or longer:

  • 2012: Our first advisory encourages moving away from keys shorter than 1024 bits.
  • 2013: The National Institute of Science and Technology (NIST) recommends discontinuing the use of 1024-bit RSA keys.
  • 2016: You've been able to follow our Certification Authority Guidance to start implementing longer keys, among other measures.
  • April 2024: The new recommended standard is available to those in the Windows Insider Program.
  • Late 2024: 1024-bit RSA keys will be deprecated to further align with the latest internet standards and regulatory bodies.

In the coming months, Microsoft will begin to deprecate the use of TLS server authentication certificates using RSA key lengths shorter than 2048 bits on Windows Client. We recommend you use a stronger solution of at least 2048 bits length or an ECDSA certificate, if possible.

Important
TLS certificates issued by enterprise or test certification authorities (CA) aren't impacted by this change. Most organizations should not be affected by this change. Still, we recommend following best practices to update your RSA keys.

Microsoft's definition of deprecation

Generally, when a feature or product is deprecated at Microsoft, it's no longer in active development and may be removed in future releases of a product or online service. It will continue to be supported until its eventual removal. After removal, that product or feature will no longer be supported and will no longer work. Learn more at Deprecated features in the Windows client.

Why is this key length being deprecated?

If you use Windows or Azure, you know that security is our priority. Microsoft is committed to helping keep your organization protected and productive. As technology advances, weaker key lengths are at risk of breaking. To prevent that scenario from affecting you, we're taking preventive measures.

Will this change affect the RSA algorithm?

No. Support for the RSA algorithm itself will not be affected. Rather, the minimum allowable key length for RSA keys used on Windows OS will change to 2048 bits.

Next steps in securing connections between client and server

Do you still use weak TLS server authentication certificates? Try one of these two solutions:

  • Switch to new TLS server authentication certificates with RSA key lengths of 2048 bits or higher for all your applications or services.
  • Switch to smaller and faster ECDSA certificates.

If you switch to longer RSA keys and experience issues, you can use the following regkey as a temporary workaround:

certutil -setreg chain\minWeakRsaPubKeyBitLength 0xFFFFFFFF

To change your solution to use a different key length, please enable the following:

certutil -setreg chain\minWeakRsaPubKeyBitLength <maxkeylength>

where maxkeylength is the maximum size allowed.

When you're ready to disable this workaround, just set the minWeakRsaPubKeyBitLength value back to 2047.

Important
You should not change the key length unless you're confident that no keys of the specified length are in use and/or you understand the implications.

Another healthy alternative to strengthening your RSA certificates is switching to ECDSA certificates. For a refresher, see where they fit in the broader Cryptography and Certificate Management. Get started with ECDSA certificates at Cipher Suites in TLS/SSL (Schannel SSP).

Learn more and get more secure

To learn more about complying with the latest internet standards for server-client authentication, please visit:


Continue the conversation. Find best practices. Bookmark the Windows Tech Community, then follow us @MSWindowsITPro on X/Twitter. Looking for support? Visit Windows on Microsoft Q&A.

1 Comment
Co-Authors
Version history
Last update:
‎May 09 2024 10:04 AM
Updated by: