Export (0) Print
Expand All

5.3.6 Encrypting and Decrypting the I/O Data Stream

If the Encryption Level (see section 5.4.1) of the server is greater than zero, then encryption will always be in effect. At a minimum, all client-to-server traffic (except for licensing PDUs which have optional encryption) will be encrypted and a MAC will be appended to the data to ensure transmission integrity.

The table which follows summarizes the possible encryption and MAC generation scenarios based on the Encryption Method and Encryption Level selected by the server (the Encryption Method values are described in section 2.2.1.4.3, while the Encryption Levels are described in 5.4.1) as part of the cryptographic negotiation described in section 5.3.2:

Selected Encryption Level

Selected Encryption Method

Data Encryption

MAC Generation

None (0)

None (0x00)

None

None

Low (1)

40-Bit (0x01)

56-Bit (0x08)

128-Bit (0x02)

Client-to-server traffic only using RC4

Client-to-server traffic only using MD5 and SHA-1

Client Compatible (2)

40-Bit (0x01)

56-Bit (0x08)

128-Bit (0x02)

Client-to-server and server-to-client traffic using RC4

Client-to-server and server-to-client traffic using MD5 and SHA-1

High (3)

128-Bit (0x02)

Client-to-server and server-to-client traffic using RC4

Client-to-server and server-to-client traffic using MD5 and SHA-1

FIPS (4)

FIPS (0x10)

Client-to-server and server-to-client traffic using Triple DES

Client-to-server and server-to-client traffic using SHA-1

 
Show:
© 2015 Microsoft