Thursday, February 19, 2015

SSL/TLS Protocols Supported by Windows

I know I'm a bit slow out of the gate here. This post is coming much later than it should have. Anyway, I wanted to find a list of TLS/SSL protocols supported by Windows. Unfortunately, that statement is rather dubious.

It should be two separate questions. What protocols are supported by IIS; and what protocols are supported by Internet Explorer. The answer to the first is very simple.

IIS on Windows XP/2003/Vista/2008 support

  • SSL2
  • SSL3 
  • TLS1

IIS on Windows 7/2008R2/8/2012/8.1/2012R2 support

  • SSL2
  • SSL3
  • TLS1
  • TLS1.1
  • TLS1.2

If you are using IIS on an older version of Windows than 2003, please don't. Considering the number of vulnerabilities in IIS on Windows 2000 over the years and the fact that the OS is no longer supported in any way by Microsoft, you shouldn't even be it.

The answer to the second question is a little less simple because each version of Internet Explorer is built to run on multiple versions of Windows. So, it's more along a combination of the version of Windows plus the version of Internet Explorer.

A full comprehensive table is listed on Wikipedia of all browsers with helpful references to vulnerabilities and how those browsers are affected by them. The best situation for Internet Explorer users is using Internet Explorer 11 on Windows 8.1. Users of Internet Explorer 8 (or greater) on Windows 7 (or greater) can get just as secure a setup as those on IE11/Win8.1 by making a few option changes.

References