Does TLS 1.0 support SHA2? We have a Cert with SHA2, but it displays Sha-1 Help!

Question

0.00/5 (No votes)

See more:

We are currently using a Website/TLS Security Certificate. We are using Windows Server 2008 (NOT R2!)

Here is my question:
When we click on the URL 'lock', on the certificate, this is what appears:
Image is here:
1) http://s22.postimg.org/5pu3ivp35/Connection_Information.png

And this is the certificate information:
2) http://postimg.org/image/xr11epik7

We have a certificate that uses SHA2 encryption.
However, on the Connection Information image above, it says:

The connection is encrypted using AES_128_CBC, with HMAC-SHA1 for message authentication and RSA as the key exchange mechanism.

However, the certificate uses SHA-256

What is it using, SHA-1 or SHA-256?
Again, the server can only support TLS 1.0

Please let me know.

Thank you.

Posted 13-Jan-16 17:26pm

TheAbominable

Add a Solution

1 solution

Add a Solution

Add your solution here

Treat my content as plain text, not as HTML

Preview 0

…

Existing Members

Sign in to your account

...or Join us

Download, Vote, Comment, Publish.

Your Email
Password
Forgot your password?

Your Email
This email is in use. Do you need your password?
Optional Password

I have read and agree to the Terms of Service and Privacy Policy
Please subscribe me to the CodeProject newsletters

When answering a question please:

Read the question carefully.
Understand that English isn't everyone's first language so be lenient of bad spelling and grammar.
If a question is poorly phrased then either ask for clarification, ignore it, or edit the question and fix the problem. Insults are not welcome.
Don't tell someone to read the manual. Chances are they have and don't get it. Provide an answer or move on to the next question.

Let's work to help developers, not make them feel stupid.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

Stephen Hewison · Answer 1 · 2016-01-13T23:13:00

Solution 1

Windows may need to be instructed to allow it despite the SSL certificate containing support, especially on older operating systems.

There's a useful tool for configuring windows support of different cryptographic cyphers and key exchange mechanisms.

The tool is called:

IIS Crypto

Nartac Software - IIS Crypto[^]

Posted 13-Jan-16 23:13pm

Stephen Hewison

v2

Comments

Stephen Hewison 14-Jan-16 5:29am

And to clarify. When windows orders the cipher suite preferences the (protocol, cipher, hashes and key exchanges make up a cipher suite) it makes not reference to the version of TLS being enabled in the suite. So this would suggest that yes, TLS1.0 is compatible with SHA256.

Stephen Hewison 14-Jan-16 5:31am

Also TLS 1.0 is effectively deprecated and subject to known vulnerabilities. There's a movement across the internet to phase out SSL3.0 and TLS1.0 and to drop support for the RC4 cipher too. To ensure your website remain compliant with modern browsers and secure you should be planning to disable these during 2016.