Microsoft gets more specific with outdated TLS certificates

Microsoft had already declared in March that TLS certificates with a weak RSA key are considered obsolete. The company is now being more specific.

A laptop with a protective shield on its screen

A protected laptop.

(Image: created with AI in Bing Designer by heise online / dmk)

This article was originally published in German and has been automatically translated.

Microsoft wants to make TLS certificates for server authentication more secure. In the Windows Message Center, the company points out that certificates with weak RSA keys are now considered obsolete.

In the Windows IT Pro Blog, Microsoft writes that the change will be enforced on Windows operating systems later this year. It affects TLS server authentication certificates that chain to a root in the Microsoft Trusted Root Program. The exceptions remain in place: TLS certificates issued by enterprise or test certificate authorities (CAs) are not affected by the change.

TLS server authentication certificates are used by a client to verify the identity of a server before a secure connection is established between the two. Microsoft also explains that 1024 bits was previously the shortest permitted key length for RSA. Keys of that length no longer provide sufficient security given the advances in computing power and cryptanalysis techniques, and they will therefore be discontinued in the last quarter of this year.

The company states that since 2012 it has encouraged customers to move away from RSA keys with less than 1024 bits. In 2012, the US NIST recommended that 1024-bit RSA keys should no longer be used. Microsoft adapted its recommendations in 2016 to call for longer keys. The new recommended standard has been available to participants in the Windows Insider Program since April 2024. The "deprecated" status later in the year is intended to align with current internet standards and regulatory authorities.

The "deprecated" status means that no further active development will take place and that the feature will be removed completely in later releases; it remains supported until it is removed. After removal, the feature is no longer supported and may cease to function.

In light of the recent rebuke from the US cybersecurity agency CISA regarding Microsoft's shoddy security, and the company's announcement that it would make security its number one priority, Microsoft also states: "If you use Windows or Azure, you know our priority is security. Microsoft is committed to keeping your business protected and productive. As technology advances, there is a risk that weaker key lengths will be broken. To prevent you from being affected by this scenario, we are taking preventative measures."

RSA will not be abolished entirely; only the minimum key length will be raised to 2048 bits. Microsoft recommends that server operators switch to new TLS server authentication certificates with RSA key lengths of 2048 bits or more for all applications and services. Alternatively, they can switch to smaller and faster ECDSA certificates. For problems during the changeover, the authors also describe measures that admins can take with the certutil tool.

The German Federal Office for Information Security (BSI) goes well beyond the RSA key lengths required by NIST and Microsoft. The German IT security authority requires RSA keys to be at least 3000 bits long. This is a de facto mandatory requirement, as it is anchored in recommendations that serve, for example, as the basis for evaluating public tenders.

(dmk)