Disclaimer

Any opinions expressed here are my own and not necessarily those of my employer (I'm self-employed).

Sep 5, 2010

Windows server 2003 vs 2008, SSL/TLS comparison

There are many differences between Windows Server 2003 and Windows Server 2008. This post focuses on their SSL/TLS support, where there are important differences in both the default configuration and the cryptographic capabilities on offer.

The SSL (Secure Sockets Layer) and TLS (Transport Layer Security) security protocols (TLS being the successor of SSL) can be used to secure many types of Internet services, such as web, FTP and e-mail communication. SSL/TLS handles the negotiation of cryptographic keys and algorithms (cipher suites), but the security of a TLS connection is bounded by the weakest cipher suite the server is willing to negotiate. To ensure security, weak ciphers must be disabled, strong ciphers must be available and configured, and the server should prefer the strongest acceptable suite.

The 2003 server enables weak SSL/TLS ciphers in its default configuration. This is not an issue on the 2008 server; on the contrary, the 2008 server offers new and more secure options for SSL/TLS.

The 2008 server
Windows Server 2008 was first available in February 2008, followed by the R2 release in July 2009. It introduces new technologies such as AppFabric (a high-performance distributed cache) and significant updates to IIS (version 7.0 in 2008, 7.5 in 2008 R2). In addition, the 2008 server can be installed as a Server Core setup, which reduces the attack surface significantly by leaving out the graphical shell and offering essentially only a console on the server. For those who work in a pure Microsoft environment but occasionally miss Linux or *BSD servers (like myself), the Server Core installation might be the answer.

Windows Server 2008 includes Microsoft's new cryptographic framework, code-named Cryptography Next Generation (CNG). CNG was developed to meet updated requirements from the NSA (the Suite B algorithms) for cryptographic software used by the U.S. government, and it constitutes a major update to the cryptographic support offered by the Windows Server product line: it replaces the older CryptoAPI and brings the elliptic curve (ECDHE, ECDSA) and SHA-2 support that the 2003 server lacks.

SSL/TLS, 2003 vs 2008
The 2008 server offers up-to-date cryptographic capabilities, as shown by the following table (yes/no indicates whether the cipher suite is supported):

Server 2003   Server 2008   Cipher suite                           Cipher   Key length
no            yes           TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA   AES      256
no            yes           TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA     AES      256
yes*          yes           TLS_RSA_WITH_AES_256_CBC_SHA           AES      256
no            yes           TLS_DHE_DSS_WITH_AES_256_CBC_SHA       AES      256
no            yes           TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA   AES      128
no            yes           TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA     AES      128
no            yes           TLS_DHE_DSS_WITH_AES_128_CBC_SHA       AES      128
yes*          yes           TLS_RSA_WITH_AES_128_CBC_SHA           AES      128
yes           yes           TLS_RSA_WITH_RC4_128_MD5               RC4      128
yes           yes           TLS_RSA_WITH_RC4_128_SHA               RC4      128
yes           yes           TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA      3DES     112 (effective)
yes           yes           TLS_RSA_WITH_3DES_EDE_CBC_SHA          3DES     112 (effective)
* AES support on the 2003 server requires a hotfix

The list includes only cipher suites that can safely be enabled in the SSL/TLS configuration; weak suites (NULL encryption, 40- and 56-bit export strengths, single DES and RC2) have been left out. AES is the current industry standard and is supported natively by the 2008 server, but by the 2003 server only after installing Microsoft's AES hotfix (KB948963), which adds just the two TLS_RSA_WITH_AES_*_CBC_SHA suites. The table shows that the 2008 server offers many more cipher suites, and it is reasonable to assume that the 2003 server will never support the rest: the ECDHE suites depend on elliptic curve support that exists only in CNG.

When comparing support for SSL/TLS protocol versions, the 2008 server again comes out on top: Server 2008 R2 supports SSL 3.0 and TLS 1.0, 1.1 and 1.2 (the original 2008 release ships with TLS 1.0 only), while the 2003 server supports SSL 3.0 and TLS 1.0. Note that both also enable SSL 2.0 on the server side by default (and the 2003 server additionally the ancient PCT 1.0); SSL 2.0 has well-known protocol weaknesses and should be disabled on either version.
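The two configuration tasks above, disabling the weak ciphers and protocols and preferring the strong suites from the table, are both done through the Schannel registry keys. The following PowerShell script is an added example and not code from the original post; it assumes Windows PowerShell 2.0 and an elevated session, and the function names and the chosen suite order are this example's own. The registry locations are the documented Schannel ones: the Ciphers and Protocols subkeys under SCHANNEL, which both the 2003 and the 2008 server honour, and the Functions value under the Cryptography\Configuration\SSL\00010002 policy key, which only the CNG-based Schannel of the 2008 server reads.

```powershell
# Added example, not code from the original post. Audits and hardens the
# Schannel configuration of a Windows Server 2003 / 2008 box through the
# registry. Assumes Windows PowerShell 2.0 and an elevated session; Schannel
# reads these keys at boot, so a reboot is required after changes.
# Registry locations are the documented Schannel ones; the function names
# and the chosen suite order are this example's own.

$schannelPath = 'SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL'
$hklm = [Microsoft.Win32.Registry]::LocalMachine

# Server-side protocols to switch off. SSL 2.0 is on by default on both
# 2003 and 2008; PCT 1.0 exists only on 2003 (the key is harmless on 2008).
$weakProtocols = @('PCT 1.0', 'SSL 2.0')

# Schannel cipher subkeys that must never be negotiated: NULL encryption,
# export-grade strengths and single DES. RC4 128 and 3DES are left alone
# because the table above lists them as acceptable.
$weakCiphers = @('NULL', 'DES 56/56', 'RC2 40/128', 'RC2 56/128',
                 'RC4 40/128', 'RC4 56/128', 'RC4 64/128')

# Preferred suite order for the CNG-based Schannel of 2008, strongest
# first, using the suites from the table above. 2003 ignores this value.
$suiteOrder = @(
    'TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA', 'TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA',
    'TLS_DHE_DSS_WITH_AES_256_CBC_SHA',     'TLS_RSA_WITH_AES_256_CBC_SHA',
    'TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA', 'TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA',
    'TLS_DHE_DSS_WITH_AES_128_CBC_SHA',     'TLS_RSA_WITH_AES_128_CBC_SHA',
    'TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA',    'TLS_RSA_WITH_3DES_EDE_CBC_SHA',
    'TLS_RSA_WITH_RC4_128_SHA',             'TLS_RSA_WITH_RC4_128_MD5'
)

# The .NET registry API is used instead of HKLM:\ paths because several
# cipher key names contain "/", which the PowerShell registry provider
# treats as a path separator (New-Item 'HKLM:\...\RC4 40/128' would create
# a key "RC4 40" with a child key "128").
function Get-SchannelEnabled {
    param([string]$RelativeKey)   # e.g. 'Ciphers\RC4 40/128' or 'Protocols\SSL 2.0\Server'
    $key = $hklm.OpenSubKey("$schannelPath\$RelativeKey")
    if ($null -eq $key) { return $null }   # absent key = Schannel built-in default (enabled)
    try { return $key.GetValue('Enabled') } finally { $key.Close() }
}

function Disable-SchannelItem {
    param([string]$RelativeKey)
    $key = $hklm.CreateSubKey("$schannelPath\$RelativeKey")
    try {
        $key.SetValue('Enabled', 0, [Microsoft.Win32.RegistryValueKind]::DWord)
    } finally { $key.Close() }
}

# Reports every weak protocol and cipher with its current state. Only an
# explicit Enabled=0 counts as disabled; a missing key means "enabled".
function Test-SchannelHardening {
    $items = @()
    foreach ($p in $weakProtocols) { $items += "Protocols\$p\Server" }
    foreach ($c in $weakCiphers)   { $items += "Ciphers\$c" }
    foreach ($item in $items) {
        $state = Get-SchannelEnabled $item
        New-Object PSObject -Property @{
            Setting = $item
            Enabled = $(if ($null -eq $state) { 'default (on)' } else { $state })
            Ok      = ($state -eq 0)
        }
    }
}

# Writes the hardened configuration: disables the weak protocols and
# ciphers, then sets the suite order for 2008 through the policy key.
function Invoke-SchannelHardening {
    foreach ($p in $weakProtocols) { Disable-SchannelItem "Protocols\$p\Server" }
    foreach ($c in $weakCiphers)   { Disable-SchannelItem "Ciphers\$c" }
    $policy = 'HKLM:\SOFTWARE\Policies\Microsoft\Cryptography\Configuration\SSL\00010002'
    if (-not (Test-Path $policy)) { New-Item -Path $policy -Force | Out-Null }
    # REG_SZ, comma separated: the same value the "SSL Cipher Suite Order" GPO writes.
    Set-ItemProperty -Path $policy -Name 'Functions' -Value ($suiteOrder -join ',')
    Write-Host 'Schannel settings written; reboot for the changes to take effect.'
}

# Audit first, then apply and audit again.
Test-SchannelHardening | Format-Table Setting, Enabled, Ok -AutoSize
Invoke-SchannelHardening
Test-SchannelHardening | Format-Table Setting, Enabled, Ok -AutoSize
```

Run the audit alone before touching anything: on a freshly installed server every row reports "default (on)", which is exactly the problem described above. After the reboot, confirm from the outside with an SSL scanner of your choice, since the registry shows what Schannel was told, not what it negotiated.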

So, the lesson learned here is: if you want state-of-the-art cryptographic support, upgrade your 2003 servers to 2008!

20 comments:

  1. Thanks for this valuable information sharing, and I learned a lot and cleared all my doubts in this.. keep posting like this useful information.
    post free classified ads in india

  2. Thanks for this valuable information sharing, and I learned a lot and cleared all my doubts in this.. keep posting like this useful information.
    Scaffolding Dealers in Chennai
    Aluminium Scaffolding Dealers in Chennai

  3. Thanks for sharing this wonderful information. I hope you will share more helpful information regarding the content.
    web portal development company in chennai

  4. Thanks for sharing this wonderful information. I hope you will share more helpful information regarding the content.
    scaffolding dealers in chennai
    aluminium scaffolding dealers in chennai

  5. Very detailed comparison, please keep writing.

  6. (Michael Kors Outlet Online) thoughts (Jordan Shoes For Sale Online) at scientific tests and as a consequence creativity, Plasma tv created treatment options trade watch.

    Gains all the perks(Glass pitcher) (Cheap Jordan Shoes Websites) 4. Strikeouts(Glass pitcher) 5. Staff members is (New Yeezys 2020) victorious 6. Walking on in drenched feet isn't your ultimate prospect of (Ray Ban Outlet Store) leisure, Regardless of what journey on the other (Coach Outlet Store Online) hand physical available one's own shoes shoes or boots (Michael Kors Outlet) are possibly. Which is which they can use some advanced suggestions about what to refill your cupboard while having. We refined much of the (New Jordan Releases 2020) stylish and a lot helpful sandals, In each sort this kind of, Intended keep feet dried out in the event going out.

  7. Windows server is very important for online businessmen, and they can improve their business in a short time. They should manage their server carefully and enjoy earning money. Masters dissertation writing service.

  8. I would like to say that this blog really convinced me to do it! Thanks, very good post. Check out the way to fix Aol Error Code 475. Learn how you can fix it on your own or feel free to call our experts on our toll-free numbers or visit our website to know more!

  9. This comment has been removed by the author.

  10. Informative Post! Thanks for sharing this content with us. We appreciate your efforts. Get the solution to fix the Roadrunner Email Not Working issues. Visit our blog for more details

  11. This comment has been removed by the author.

  12. .NET, developed by Microsoft, is a versatile and powerful framework for building a wide range of applications, from web and mobile to desktop and cloud-based solutions. It supports multiple programming languages, including C#, VB.NET, and F#, providing a unified platform for software development. The framework offers extensive libraries, tools, and runtime environments to streamline application development, making it a popular choice among developers worldwide.
    tax and estate lawyer
    henrico traffic lawyer
    virginia uncontested divorce
    virginia personal injury settlements

Copyright notice

© André N. Klingsheim and www.dotnetnoob.com, 2009-2018. Unauthorized use and/or duplication of this material without express and written permission from this blog’s author and/or owner is strictly prohibited. Excerpts and links may be used, provided that full and clear credit is given to André N. Klingsheim and www.dotnetnoob.com with appropriate and specific direction to the original content.
