Export (0) Print
Expand All

6 Appendix A: Product Behavior

The information in this specification is applicable to the following Microsoft products or supplemental software. References to product versions include released service packs:

  • Windows NT operating system

  • Windows 2000 operating system

  • Windows XP operating system

  • Windows Server 2003 operating system

  • Windows Server 2003 operating system with Service Pack 1 (SP1)

  • Windows Server 2003 R2 operating system

  • Windows Vista operating system

  • Windows Server 2008 operating system

  • Windows 7 operating system

  • Windows Server 2008 R2 operating system

  • Windows 8 operating system

  • Windows Server 2012 operating system

  • Windows 8.1 operating system

  • Windows Server 2012 R2 operating system

Exceptions, if any, are noted below. If a service pack or Quick Fix Engineering (QFE) number appears with the product version, behavior changed in that service pack or QFE. The new behavior also applies to subsequent service packs of the product unless otherwise specified. If a product edition appears with the product version, behavior is different in that product edition.

Unless otherwise specified, any statement of optional behavior in this specification that is prescribed using the terms SHOULD or SHOULD NOT implies product behavior in accordance with the SHOULD or SHOULD NOT prescription. Unless otherwise specified, the term MAY implies that the product does not follow the prescription.

<1> Section 1: Windows 8.1 and Windows Server 2012 R2 implement TLS 1.2 as specified mainly in [RFC5246] with extensions from [RFC4366], [RFC4681], and [RFC5077], additional cipher suites from [RFC3268], [RFC4492], [RFC5289], TLS 1.1 from [RFC4346], and SSL from [SSL3].

Windows 7, Windows Server 2008 R2, Windows 8, and Windows Server 2012 implement TLS 1.2 as specified mainly in [RFC5246] with extensions from [RFC4366] and [RFC4681], additional cipher suites from [RFC3268], [RFC4492], [RFC5289], TLS 1.1 from [RFC4346], and SSL from [SSL3].

Windows Vista and Windows Server 2008 implement TLS 1.0 as specified mainly in [RFC2246] with extensions from [RFC3546] and [RFC4681], additional cipher suites from [RFC3268] and [RFC4492], and SSL from [SSL3].

In Windows Server 2003 and Windows XP, TLS was implemented with [RFC2246] and [RFC4681], SSL from [SSL3], and PCT from [PCT1].

Windows NT and Windows 2000 implement SSL from [SSL3] and PCT from [PCT1].

<2> Section 2.2: Windows 2000, Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2 do not support [RFC5077]. Windows 8 and Windows Server 2012 support only the client side of [RFC5077]. Windows 2000, Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, Windows Server 2008 R2, Windows 8, and Windows Server 2012 do not support [NPN] and [IETFDRAFT-ALPN].

<3> Section 2.2.1: Windows Vista, Windows Server 2008, Windows 7, Windows Server 2008 R2, Windows 8, Windows Server 2012, Windows 8.1, and Windows Server 2012 R2 support [RFC4492], except for ECDH cipher suites.

<4> Section 2.2.1: Windows Vista, Windows Server 2008, Windows 7, Windows Server 2008 R2, Windows 8, Windows Server 2012, Windows 8.1, and Windows Server 2012 R2 support [RFC4492], except for not allowing cipher suites where the number of bits used in the public key algorithm is less than the number of bits used in the signing algorithm.

<5> Section 2.2.1: Windows accepts a unified format Client Hello message even when SSL version 2 is disabled.

<6> Section 2.2.2: Windows has a decoupling of the network layer from the SSL/TLS layer and thus will not be able to ensure alert messages are sent.

<7> Section 2.2.3: Windows Vista, Windows Server 2008, Windows 7, Windows Server 2008 R2, Windows 8, Windows Server 2012, Windows 8.1, and Windows Server 2012 R2 support sending and receiving the Certificate Status Request extension from [RFC4366] and [RFC3546].

<8> Section 2.2.3: Windows supports sending and receiving the User Mapping extension using UPN domain hint from [RFC4681].

<9> Section 2.2.3: Windows Vista, Windows Server 2008, Windows 7, Windows Server 2008 R2, Windows 8, Windows Server 2012, Windows 8.1, and Windows Server 2012 R2 support sending the Server Name Indications from [RFC4366] and [RFC3546] in the ClientHello. Windows 8, Windows Server 2012, Windows 8.1, and Windows Server 2012 R2 support sending and receiving the Server Name Indications.

<10> Section 2.2.3: Windows 2000, Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2 do not support [RFC5077]. Windows 8 and Windows Server 2012 support only the client side of [RFC5077].

<11> Section 2.2.3: Windows 2000, Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, Windows Server 2008 R2, Windows 8, and Windows Server 2012 do not support [NPN] and [IETFDRAFT-ALPN].

<12> Section 2.2.4: Windows does not require that the signing algorithm used by the issuer of a certificate match the algorithm in the end certificate.

<13> Section 2.2.4: Windows does not require particular key usage extension bits to be set in certificates.

<14> Section 2.2.4: Windows omits the root certificate by default when sending certificate chains.

<15> Section 3.1.5: If a session fails during bulk data transfer, Windows does not prevent attempted resumption of the session.

<16> Section 3.1.5: Windows Vista, Windows Server 2008, Windows 7, Windows Server 2008 R2, Windows 8, Windows Server 2012, Windows 8.1, and Windows Server 2012 R2 do not support or process extensions within the Certificate Status Request extension.

<17> Section 3.1.5: Windows does not ignore a HelloRequest received even in the middle of a handshake.

<18> Section 3.1.5: Windows 2000, Windows 2000 Server, Windows Server 2003, and Windows Server 2003 R2 do not support fragmentation of incoming messages across frames as is allowed in [RFC5246] section 6.2.1.

<19> Section 3.1.5: Windows 2000, Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2 do not support [RFC5077]. Windows 8 and Windows Server 2012 support only the client side of [RFC5077].

<20> Section 3.1.5: Windows 2000, Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, Windows Server 2008 R2, Windows 8 and Windows Server 2012 do not support [NPN] and [IETFDRAFT-ALPN].

<21> Section 3.1.5: Windows ignores both unrequested and duplicate extensions in both ClientHello and ServerHello.

 
Show:
© 2015 Microsoft