Perfect Forward Secrecy

Me, myself & IT


ATTENTION: due to the termination of my provider's homepage service, the web pages and all content located below http://home.arcor.de/skanthak/ will become unavailable on January 31, 2017!

All web pages and other content will then be available solely on https://skanthak.homepage.t-online.de/.
Please update your bookmarks and references!


Perfect Forward Secrecy

Purpose

The setup scripts NT6_PFS.INF (for Microsoft® Windows® 7, Windows Server 2008 R2, Windows 8 and Windows Server 2012) and NT60_PFS.INF (for Windows Vista and Windows Server 2008) configure Windows' SSL/TLS package SChannel to use Cipher Suites which provide Perfect Forward Secrecy by default.

The setup scripts also disable deprecated, insecure or weak cryptographic algorithms, ciphers, hashes and protocols, as recommended in the Security Advisories 2868725 and 3009008 or the MSKB articles 2868725 and 3009008 respectively.
Additionally the setup scripts disable the deprecated, insecure or weak protocols SSL v2.0, SSL v3.0 and TLS v1.0, and enable the protocols TLS v1.1 and TLS v1.2 in Internet Explorer.

Reason

See the recommendations and notes in the MSKB articles 2643584, 3009008, 2973337, 3012774, 3117336, the MSDN article HTTPS Security Improvements in Internet Explorer 7, and the TechNet article Introducing TLS v1.2.

Also see the IETF's RFCs 6151, 6176, 7465 and 7568.

Dependencies

To enable the TLS cipher suites TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, TLS_RSA_WITH_AES_256_GCM_SHA384 and TLS_RSA_WITH_AES_128_GCM_SHA256, the security update 2992611 alias MS14-066, its successor 3046049 alias MS15-031, or 3042058 has to be installed.

To enable the TLS cipher suites TLS_DHE_RSA_WITH_AES_128_CBC_SHA and TLS_DHE_RSA_WITH_AES_256_CBC_SHA, the update 3161639, which is part of the optional update 3172605, has to be installed.

To enable RSA/SHA512 and ECDSA/SHA512 signatures with TLS v1.2, the update 2973337 has to be installed.
For Windows 8 and Windows Server 2012 this update is included in the update 2975331; for Windows 8.1 and Windows Server 2012 R2 it is included in the update 2975719.
Note: Windows Vista and Windows Server 2008 don't support TLS v1.2!

Validation

Visit How's my SSL?, SSL Client Test or SSL Cipher Suite Details of Your Browser with Internet Explorer after the reboot following the installation of the setup script.

Implementation

The setup scripts modify the Registry entries of the SChannel package documented in the MSKB article 245030, change the order of the TLS Cipher Suites in the Registry entry
REGEDIT4

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Cryptography\Configuration\Local\SSL\00010002]
"Functions"=multi:…
and request a reboot to make the new cipher order effective.

Caveat: Windows' CBS may overwrite the Registry entry

REGEDIT4

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Cryptography\Configuration\Local\SSL\00010002]
"Functions"=multi:…
every time an update for the SChannel package is installed.
When this happens just rerun the setup script to undo the damage!
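
An added example, not part of the setup scripts or of the original page: a PowerShell check to run after an SChannel update, which reads the Functions entry named above and reports whether any cipher suite without (EC)DHE key exchange is ranked above a forward-secret one. The function name Test-PfsCipherOrder and the sample list are constructed for illustration.

```powershell
# Added example (not from NT6_PFS.INF): audit the SChannel cipher suite order.
# Registry path and value name are the ones quoted on this page.
$SslKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Cryptography\Configuration\Local\SSL\00010002'

function Test-PfsCipherOrder {
    param([string[]] $Suites)

    $firstStatic = -1   # index of the first suite without (EC)DHE key exchange
    $misplaced   = @()  # forward-secret suites ranked below that suite
    for ($i = 0; $i -lt $Suites.Count; $i++) {
        # Windows 7 appends curve names (..._P256), so only the prefix is matched.
        $isPfs = $Suites[$i] -match '^TLS_(ECDHE|DHE)_'
        if (-not $isPfs -and $firstStatic -lt 0) { $firstStatic = $i }
        if ($isPfs -and $firstStatic -ge 0)      { $misplaced += $Suites[$i] }
    }
    New-Object PSObject -Property @{
        Total       = $Suites.Count
        FirstStatic = $(if ($firstStatic -ge 0) { $Suites[$firstStatic] })
        Misplaced   = $misplaced
        PfsFirst    = ($misplaced.Count -eq 0)
    }
}

# Constructed sample: a static-RSA suite outranks a DHE suite, as could happen
# after the entry has been overwritten. Expected: PfsFirst = False.
$sample = @(
    'TLS_DHE_RSA_WITH_AES_256_GCM_SHA384',
    'TLS_RSA_WITH_AES_256_GCM_SHA384',
    'TLS_DHE_RSA_WITH_AES_128_CBC_SHA'
)
Test-PfsCipherOrder -Suites $sample | Format-List

# Live check on the local machine (REG_MULTI_SZ is returned as a string array).
$live = (Get-ItemProperty -Path $SslKey -Name Functions).Functions
Test-PfsCipherOrder -Suites $live | Format-List
```

If PfsFirst is False on the live check, the order no longer prefers forward-secret suites and the setup script should be rerun.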

Additional updates

For further improvements of hashing algorithms and protocols see the Security Advisories 2949927 and 2977292 or the MSKB articles 2949927 and 2977292 respectively.

Background information

On April 8, 2014 Microsoft published the update 2929781 for Windows 8.1 and Windows Server 2012 R2 which enables Perfect Forward Secrecy by default by reordering the supported TLS Cipher Suites.

Despite numerous requests from its customers, for example Better support for Perfect forward secrecy, Microsoft has not published corresponding updates for Windows 8, Windows Server 2012, Windows 7, Windows Server 2008 R2, Windows Vista and Windows Server 2008, although these versions of Windows NT support Perfect Forward Secrecy too.

Note: Windows' IPsec implementation has supported Perfect Forward Secrecy for many years; see the MSKB articles 252735, 301284 and 816514 as well as the TechNet article Key exchange methods.

Code authenticity and integrity

SCHANNEL.CAB is digitally signed using an X.509 certificate issued by WEB.DE TrustCenter E-Mail Certification Authority.
Serial number: 73420882 (0x04605052)
Fingerprint:
MD5: e5 0b 01 66 ce 2e 7a 03 f4 98 39 37 f6 f9 9f ba
SHA-1: 79 05 5d 63 2f 03 31 83 04 e2 ff 3b 25 b9 cc b6 70 ad ec 31
Download and install the CA and root X.509 certificates of WEB.DE to validate and verify the digital signature.

Note: the digital signature remains valid past the certificate's expiration date due to its counter signature alias timestamp!

Download

The setup scripts NT6_PFS.INF and NT60_PFS.INF are packaged in the (compressed and digitally signed) cabinet file SCHANNEL.CAB.

Installation

The installation requires administrative privileges and needs a reboot to recognize the configuration change.

Automatic online installation

If visited with Internet Explorer, this web page will prompt to install (the contents of) the package using Internet Component Download.

Manual offline installation

Download the package SCHANNEL.CAB and verify its digital signature, then open it in Windows Explorer, extract its contents, right-click the extracted setup script NT6_PFS.INF or NT60_PFS.INF respectively to display its context menu and click Install to run the installation.

Deinstallation

The deinstallation requires administrative privileges and needs a reboot to recognize the configuration change.

Open the Control Panel and click the entry View installed updates underneath the Programs and Features or Programs category.
In Installed Updates select the entry 'Perfect Forward Secrecy' für 'Windows Vista/2008' or 'Perfect Forward Secrecy' für 'Windows 7/2008 R2/8.x/2012 [R2]' respectively underneath Systemkonfiguration and click the Uninstall menu entry.

Contact

If you miss anything here, have additions, comments, corrections, criticism or questions, want to give feedback, hints or tips, report broken links, bugs, errors, inaccuracies, omissions, vulnerabilities or weaknesses, …:
don't hesitate to contact me and feel free to ask, comment, criticise, flame, notify or report!

Use the X.509 certificate to send S/MIME encrypted mail.

Notes: I dislike HTML (and even weirder formats too) in email, I prefer to receive plain text.
I also expect to see a full (real) name as sender, not a nickname!
Emails in weird formats and without a proper sender name are likely to be discarded.
I abhor top posts and expect inline quotes in replies.

Terms and conditions

By using this site, you signify your agreement to these terms and conditions. If you do not agree to these terms and conditions, do not use this site!
• Copyright © 1995-2017 • Stefan Kanthak • <skanthak@arcor.de>