aka » Fri Nov 29, 2019 12:00 pm
https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-rdpbcgr/6e547618-4755-41cb-9b3b-c9075565b80d
* Client Compatible: All data sent between the client and the server is protected using encryption techniques negotiated through mechanisms defined by the negotiated security protocol.
* High: All data sent between the client and the server is protected using encryption techniques which employ at least a 128-bit symmetric key negotiated through mechanisms defined by the negotiated security protocol. The server enforces the key strength, and clients that do not support 128-bit symmetric keys cannot connect.
* FIPS: All data sent between the client and server is protected by the negotiated security protocol using the following Federal Information Processing Standard 140-1 validated methods: RSA for key exchange, Triple DES for bulk encryption, and SHA-1 for any hashing operations. Clients that do not support these methods cannot connect.
The paranoid choose the TLS "security level" and disable all TLS versions below 1.2: https://forum.wtware.com/viewtopic.php?p=75811#p75811
With the "High" encryption level you get the maximum the server is capable of. In TLS 1.2 there will be neither the Triple DES nonsense nor the outdated SHA-1.
About FIPS 140-1:
https://en.wikipedia.org/wiki/FIPS_140
FIPS 140-1, issued on 11 January 1994
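One way to check what an RDP server you administer actually negotiates, as an added example that is not part of the original post or of Microsoft's documentation: it sends the MS-RDPBCGR connection request asking for TLS security, parses the server's answer, and reports the TLS version and cipher strength. The function names and the result dictionary are hypothetical choices made for this example.

```python
import socket, ssl, struct, sys

# selectedProtocol values from MS-RDPBCGR
PROTOCOLS = {0: "Standard RDP Security", 1: "TLS", 2: "CredSSP", 8: "CredSSP (early user auth)"}

def build_connection_request(requested=0x01):
    """TPKT + X.224 Connection Request + RDP_NEG_REQ (no routing cookie)."""
    neg_req = struct.pack("<BBHI", 0x01, 0x00, 8, requested)
    x224 = struct.pack(">BBHHB", 6 + len(neg_req), 0xE0, 0, 0, 0) + neg_req
    return struct.pack(">BBH", 3, 0, 4 + len(x224)) + x224

def parse_connection_confirm(pdu):
    """Return ('selected', protocol) or ('failure', failureCode)."""
    if len(pdu) < 11 or pdu[0] != 3 or pdu[5] & 0xF0 != 0xD0:
        raise ValueError("not an X.224 Connection Confirm")
    if len(pdu) < 19:  # no RDP_NEG_RSP: only Standard RDP Security is offered
        return ("selected", 0)
    kind, _flags, _length, value = struct.unpack_from("<BBHI", pdu, 11)
    if kind not in (0x02, 0x03):
        raise ValueError("unexpected negotiation type 0x%02x" % kind)
    return ("selected" if kind == 0x02 else "failure", value)

def meets_tls12(version):
    """True only for the TLS versions the post considers acceptable."""
    return version in ("TLSv1.2", "TLSv1.3")

def probe(host, port=3389, timeout=5.0):
    """Request TLS security from an RDP server you administer and report the result."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(build_connection_request(0x01))  # PROTOCOL_SSL only
        # The 19-byte reply normally arrives in a single segment.
        kind, value = parse_connection_confirm(sock.recv(1024))
        if (kind, value) != ("selected", 1):
            label = PROTOCOLS.get(value, hex(value)) if kind == "selected" else "failure code %d" % value
            return {"negotiated": label, "tls": None, "ok": False}
        ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
        ctx.check_hostname = False       # audit probe: RDP hosts often use self-signed certs,
        ctx.verify_mode = ssl.CERT_NONE  # and only the negotiated version and cipher are read
        with ctx.wrap_socket(sock) as tls:
            name, _proto, bits = tls.cipher()
            return {"negotiated": "TLS", "tls": tls.version(), "cipher": name,
                    "bits": bits, "ok": meets_tls12(tls.version())}

if __name__ == "__main__":
    print(probe(sys.argv[1]))
```

A server that requires Network Level Authentication answers this TLS-only request with a failure code instead of a selected protocol. If the local OpenSSL policy refuses TLS below 1.2, a server limited to older versions shows up as a handshake error rather than as a result.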