Microsoft Exchange and Active Directory Blog
Configuring SCHANNEL settings for SSL 3.0 and TLS 1.0, for example, is possible under Windows using the registry. For a larger number of servers or computers, however, group policies are more suitable for configuration, so I have created corresponding templates that make the settings in the registry. Foreword The group policies record changes to the registry ... Read more
ADM for SSL / TLS / Cipher / Hashes The following settings are possible: Protocols: Unified Hello activate/deactivate PCT 1.0 GPO activate/deactivate SSL 2.0 activate/deactivate SSL 3.0 activate/deactivate TLS 1.0 activate/deactivate TLS 1.1 activate/deactivate TLS 1.2 activate/deactivate Cipher: NULL activate/deactivate DES 56/56 activate/deactivate RC2 40/128 activate/deactivate RC2 56/128 activate/deactivate RC4 40/128 activate/deactivate RC4 56/128 activate/deactivate RC4 ... Read more
From 01.01.2016, Microsoft will declare SSL certificates with SHA1 as the hash algorithm invalid. Web servers or services that use certificates with SHA1 will therefore trigger certificate warnings in the user's browser. Therefore, SHA1 certificates should be replaced slowly but surely. In order for an internal CA to issue certificates with SHA256 (SHA2), the CA must ... Read more
