Stronger Chipper Suite Update for Windows 2003

Posted by bink on July 16 2008, 3:28 AM. Posted in Windows Server 2003.

This update adds support for the following Advanced Encryption Standard (AES) cipher suites in the Schannel.dll module for Windows Server 2003:

TLS_RSA_WITH_AES_128_CBC_SHA AES128-SHA
TLS_RSA_WITH_AES_256_CBC_SHA AES256-SHA
Note These cipher suites are based on the RC4 algorithm.

OpenSSL supports several 128-bit and 256 bit AES cipher suites. OpenSSL is used in most open software products in Unix systems. For example, OpenSSL is used in Sendmail, Postfix, Firefox, and Thunderbird. Currently, the only 128-bit cipher suite that is mutually available is RC4. Additionally, there is no 256-bit cipher available.If customers set the high cipher strength option in OpenSSL for their software product, OpenSSL disables all 128-bit ciphers. In this case, Windows systems cannot negotiate by using Transport Layer Security (TLS) because there are no mutually supported cipher suites. Therefore, there is usually an interoperability issue between Microsoft Exchange Server and the Postfix server or there is an interoperability issue between Microsoft Exchange Server and the Sendmail server. The only workaround is to use a weaker cipher and a weaker cipher strength.With this update, you can support 128-bit and 256-bit cipher suites without Cryptography Next Generation (CNG). This update enables you to use a higher cipher strength. This update also fixes the interoperability issue between the Exchange server and the Sendmail server. This update also fixes the interoperability issue between the Exchange server and the Postfix server.

Download At Source