Microsoft Security Bulletin 3174644: Updated Support for Diffie-Hellman Key Exchange

Original website: https://technet.microsoft.com/library/security/3174644

Executive Summary

Microsoft is providing updated support that enables administrators to configure longer Diffie-Hellman ephemeral (DHE) key shares for TLS servers. The updated support allows administrators to increase the size of the DH modulus from the current default of 1024 to 2048, 3072, or 4096.

Note: All versions of Windows 10 support the new DH modulus settings and use 2048 as the DH modulus default.

Bulletin FAQ

What is the scope of this bulletin?
The purpose of this bulletin is to inform customers that Microsoft is providing updated support that enables administrators to configure longer Diffie-Hellman ephemeral (DHE) key shares for TLS servers.

What does the updated support for DHE key shares provide?
The modulus size in the DHE key exchange implementation is currently 1024 bits. The updated support enables administrators to configure the modulus size to 2048, 3072, or 4096.

Is this a security vulnerability that requires Microsoft to publish a security update?
No. However, enabling administrators to configure a longer DHE key share can enhance the security of the TLS servers that they administer.

Why does Microsoft want to enable administrators to configure a longer DHE key share for TLS servers?
Enabling administrators to configure longer DHE key shares for TLS servers facilitates the implementation of RFC 3526 groups 14, 15, and 16, corresponding to 2048, 3072, and 4096 bits, as defaults for minimum security standards on TLS servers.

Recommended measures

The administrator can change the modulus size by adding a registry key value, as follows. If the registry key value does not exist, the modulus default remains 1024 bits. The following example sets the modulus size to 2048 bits. Valid registry key values are decimal: 1024, 2048, 3072, and 4096.

To change the default modulus size:

Caution: If you use Registry Editor incorrectly, you may cause serious problems that may require you to reinstall your operating system. Microsoft cannot guarantee that you can solve problems that result from using Registry Editor incorrectly. Use Registry Editor at your own risk.

Open Registry Editor.

Access the following registry location:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\KeyExchangeAlgorithms\Diffie-Hellman]
Update the following DWORD value to:
"ServerMinKeyBitLength"=dword:00000800
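
The same change scripted in PowerShell, as an added example that is not part of the original bulletin: it reads the current value, flags anything outside the valid set, and writes the DWORD only when asked. The function names are hypothetical; the registry path and value name are the ones given above.

```powershell
# Added example: audit and set the Schannel DHE server minimum modulus size.
# Function names are hypothetical; path and value name come from the bulletin.
$DhKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\KeyExchangeAlgorithms\Diffie-Hellman'
$ValueName = 'ServerMinKeyBitLength'
$ValidSizes = 1024, 2048, 3072, 4096

function Get-DheServerMinKeyBitLength {
    # Returns the configured value, or $null when the key or value is absent
    # (in which case the operating system default modulus size applies).
    $item = Get-ItemProperty -Path $DhKey -Name $ValueName -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return [int]$item.$ValueName
}

function Set-DheServerMinKeyBitLength {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)]
        [ValidateSet(1024, 2048, 3072, 4096)]   # only the sizes the bulletin lists
        [int]$Bits
    )
    # Create the Diffie-Hellman key if it does not exist yet.
    if (-not (Test-Path -Path $DhKey)) {
        if ($PSCmdlet.ShouldProcess($DhKey, 'Create registry key')) {
            New-Item -Path $DhKey -Force | Out-Null
        }
    }
    # Write the DWORD; -Force overwrites an existing value of any type.
    if ($PSCmdlet.ShouldProcess("$DhKey\$ValueName", "Set DWORD to $Bits")) {
        New-ItemProperty -Path $DhKey -Name $ValueName -PropertyType DWord -Value $Bits -Force | Out-Null
    }
}

# Audit: report what is configured now.
$current = Get-DheServerMinKeyBitLength
if ($null -eq $current) {
    Write-Output "$ValueName is not set; the OS default modulus size applies."
} elseif ($current -notin $ValidSizes) {
    Write-Warning "$ValueName = $current is not one of: $($ValidSizes -join ', ')"
} else {
    Write-Output "$ValueName = $current bits"
}

# Uncomment to apply the bulletin's example value (2048 = 0x800); needs an elevated session.
# Set-DheServerMinKeyBitLength -Bits 2048 -Verbose
```

Running `Set-DheServerMinKeyBitLength -Bits 2048 -WhatIf` previews the registry write without making it.
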
Other recommended measures

Protect your PC

We still encourage our customers to follow the "Protect your computer" guide to enable firewalls, get software updates, and install antivirus software. For more information, visit the Microsoft Security Center.

Update Microsoft software in a timely manner

Users running Microsoft software should apply the latest Microsoft security updates to help ensure that their computers are as protected as possible. If you are unsure whether your software is up to date, visit Microsoft Update, scan your computer for available updates, and install any high-priority updates that are offered to you. If Automatic Updates is enabled and configured to provide updates for Microsoft products, the updates are delivered to you when they are released, but you should verify that they are installed.
