Does windows 2003 support TLS 1.1 and 1.2. The server need to consume the service hosted on other server, using https with TLS 1.1 and 1.2 certificate.
Asked
Active
Viewed 4.0k times
7
-
1Do you mean a situation in which some service or application running on Windows 2003 connects to a webserver (or other service) with TLS? – techraf Aug 02 '16 at 04:46
-
3The _certificate_ is unrelated to the protocol; the same cert can be used for all of SSL3 and TLS 1.0 1.1 1.2 (though of course you _shouldn't_ use SSL3). However, _other_ things in the cert (or chain) may matter; in particular S2003 needed a hotfix for RSA-with-SHA2 signatures which all public CAs have been using for at least a year. (XP got the same fix in SP2). Also some modern servers want SNI which is technically independent of protocol but was mostly implemented at the same _time_ as 1.1; IIRC both S2003 _and_ XP didn't do SNI. – dave_thompson_085 Aug 02 '16 at 08:41
-
@techraf yes, it is. – John Hpa Aug 19 '16 at 03:03
1 Answers
15
It is not supported natively. Support for TLS 1.1 and 1.2 was added to Windows Server 2008 R2.
See How to restrict the use of certain cryptographic algorithms and protocols in Schannel.dll.
Neither IIS provided with Windows 2003 nor Internet Explorer versions 7 and 8 (executable on Windows 2003) support TLS 1.1/TLS 1.2.
If the application uses the library provided by operating system (schannel.dll), then Windows 2003 supports only: SSL 2.0, SSL 3.0 and TLS 1.0.
However if the application used/implemented another library, it might support the versions in question (for example Chrome and Firefox browsers support TLS 1.1 and 1.2 when running on older Windows systems as well).
techraf
- 4,243
- 8
- 29
- 44