Platform SDK: Logon Authentication
The following protocols are supported by Schannel, through the Microsoft Unified Security Protocol Provider package, and are listed in order of preference:
Note: A server chooses the protocol to use out of the set of protocols supported by the client.
The cipher suites for TLS 1.0 are the same as those for SSL 3.0 except that the TLS implementation does not support any Fortezza cipher suites.
The following cipher suites for SSL 3.0 are supported and listed in order of preference. Note that the prefix can be either SSL or TLS for all cipher suites except Fortezza.
Cipher suite | Limitations |
---|---|
SSL_RSA_WITH_RC4_128_MD5 | Domestic only |
SSL_RSA_WITH_RC4_128_SHA | Domestic only |
SSL_RSA_WITH_3DES_EDE_CBC_SHA | Domestic only |
SSL_FORTEZZA_KEA_WITH_FORTEZZA_CBC_SHA | Domestic only |
SSL_RSA_WITH_DES_CBC_SHA | Domestic only |
SSL_RSA_EXPORT1024_WITH_RC4_56_SHA | No restrictions |
SSL_RSA_EXPORT1024_WITH_DES_CBC_SHA | No restrictions |
SSL_RSA_EXPORT_WITH_RC4_40_MD5 | No restrictions |
SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5 | No restrictions |
SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA | Windows 2000 domestic only |
SSL_DHE_DSS_WITH_DES_CBC_SHA | Windows 2000 domestic only |
SSL_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA | No restrictions |
SSL_RSA_WITH_RC4_64_MD5 | Microsoft Money only |
SSL_RSA_WITH_RC4_64_SHA | Microsoft Money only |
SSL_RSA_WITH_NULL_MD5 | Off by default |
SSL_RSA_WITH_NULL_SHA | Off by default |
The following cipher suites for SSL 2.0 are supported and listed in order of preference.
Cipher Suite | Limitation |
---|---|
SSL_RC4_128_WITH_MD5 | Domestic only |
SSL_DES_192_EDE3_CBC_WITH_MD5 | Domestic only |
SSL_RC2_CBC_128_CBC_WITH_MD5 | Domestic only |
SSL_RC4_128_FINANCE64_WITH_MD5 | Domestic only (and Microsoft® Money) |
SSL_DES_64_CBC_WITH_MD5 | Domestic only |
SSL_RC4_128_EXPORT40_WITH_MD5 | |
SSL_RC2_CBC_128_CBC_EXPORT40_WITH_MD5 | |
Advanced features such as renegotiations (redo) and client authentication are supported when using SSL 2.0.
Developers are discouraged from using PCT because it is proprietary to Microsoft and has been completely superseded by SSL 3.0 and TLS. If used, PCT supports most of the cipher suites supported by SSL 2.0.