Microsoft has rolled out a number of updates and changes regarding Transport Layer Security and recently the company announced the deprecation of TLS 1.0 and 1.1 in the next version of Windows, as well as the end of support for these versions in accounts Azure storage. .
Additionally, Redmond revealed plans to end support for RSA keys shorter than 2048 bits, which will significantly improve the security of TLS server authentications. This measure is aligned with modern standards and best security practices, which They recommend at least 2048-bit RSA or 256-bit ECDSA cryptographic keys.
An update that can be a headache for many administrators, but which was necessary
The upgrade is crucial because a 2048-bit RSA key offers 112 bits of power, compared to 80 bits offered by a 1024-bit key. This increased security will block outdated and potentially malicious websites, as well as increase protection against cyber threats.
Microsoft detailed these changes on your website, emphasizing the importance of following current security practices to ensure user protection and the integrity of the Windows operating system.
Support for certificates that use RSA keys with key lengths less than 2048 bits will be deprecated. Internet standards and regulatory bodies banned the use of 1024-bit keys in 2013, specifically recommending that RSA keys have a key length of 2048 bits or more.
This deprecation is intended to ensure that all RSA certificates used for TLS server authentication must have key lengths greater than or equal to 2048 bits for Windows to consider them valid.
TLS certificates issued by companies or testing certificate authorities (CAs) are not affected by this change. However, it is recommended to upgrade to RSA keys greater than or equal to 2048 bits as a security best practice. This change is necessary to maintain the security of Windows clients that use certificates for cryptography and authentication purposes.
The tech giant suggested that a TPM-style security chip could be introduced, perhaps something like Pluto. Meanwhile, the Windows kernel is also getting a makeover with Rust for better memory safety.
