Microsoft has announced its plans to discontinue support for RSA keys shorter than 2048 bits for Transport Layer Security authentication. This move is aimed at enabling future versions of Windows to block outdated and potentially harmful websites and applications.
Current security standards and best practices suggest the use of at least a 2048-bit RSA or 256-bit ECDSA cryptographic key. In comparison to 1024-bit keys, which offer 80-bit security, 2048-bit keys provide 112-bit security.
The modifications do not impact TLS certificates issued by enterprise or test certificate authorities (CAs), though it is advisable to update those as well.
In 2023, Microsoft ceased supporting TLS 1.0 and TLS 1.1 protocols for actual Windows versions. Furthermore, starting with the Windows 11 Insider Preview builds in September 2023, TLS versions 1.0 and 1.1 are disabled by default.
Support us
Winaero greatly relies on your support. You can help the site keep bringing you interesting and useful content and software by using these options:
If you like this article, please share it using the buttons below. It won't take a lot from you, but it will help us grow. Thanks for your support!
Advertisеment