Click here to Skip to main content
15,791,892 members
Please Sign up or sign in to vote.
0.00/5 (No votes)
See more:
We are currently using a Website/TLS Security Certificate. We are using Windows Server 2008 (NOT R2!)

Here is my question:
When we click on the URL 'lock', on the certificate, this is what appears:
Image is here:

And this is the certificate information:

We have a certificate that uses SHA2 encryption.
However, on the Connection Information image above, it says:

The connection is encrypted using AES_128_CBC, with HMAC-SHA1 for message authentication and RSA as the key exchange mechanism.

However, the certificate uses SHA-256

What is it using, SHA-1 or SHA-256?
Again, the server can only support TLS 1.0

Please let me know.

Thank you.

1 solution

Windows may need to be instructed to allow it despite the SSL certificate containing support, especially on older operating systems.

There's a useful tool for configuring windows support of different cryptographic cyphers and key exchange mechanisms.

The tool is called:

IIS Crypto

Nartac Software - IIS Crypto[^]
Share this answer
Stephen Hewison 14-Jan-16 5:29am    
And to clarify. When windows orders the cipher suite preferences the (protocol, cipher, hashes and key exchanges make up a cipher suite) it makes not reference to the version of TLS being enabled in the suite. So this would suggest that yes, TLS1.0 is compatible with SHA256.
Stephen Hewison 14-Jan-16 5:31am    
Also TLS 1.0 is effectively deprecated and subject to known vulnerabilities. There's a movement across the internet to phase out SSL3.0 and TLS1.0 and to drop support for the RC4 cipher too. To ensure your website remain compliant with modern browsers and secure you should be planning to disable these during 2016.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

CodeProject, 20 Bay Street, 11th Floor Toronto, Ontario, Canada M5J 2N8 +1 (416) 849-8900