SHA512 is disabled in Windows when you use TLS 1.2

Applies to: Windows Server 2012 R2 DatacenterWindows Server 2012 R2 StandardWindows Server 2012 R2 Essentials More

About this update

After you apply this update, the signature and hash algorithm combinations for RSA\SHA512 and ECDSA\SHA512 are enabled for the Transport Layer Security (TLS) 1.2 protocol. This means that you can now use SHA512 certificates on your computer.

If you currently use SHA512 certificates, and do not have this update installed, you may have problems in one or more of the following scenarios by using TLS 1.2:

Internet Protocol security (IPsec) stand-alone
IPSec with DirectAccess
Microsoft Lync Server 2013
Remote Desktop Services (RDP)
SSL websites
SSL based VPN
Web applications

Notes

RSA\SHA512 means that the RSA signature algorithm is combined with SHA512 hash algorithm.
ECDSA\SHA512 means that the Elliptic Curve Digital Signature Algorithm (ECDSA) is combined with SHA512 hash algorithm.

How to obtain this update

Important Do not install a language pack after you install this update. If you do, the language-specific changes in the update will not be applied, and you will have to reinstall the update. For more information, see Add language packs to Windows.

For Windows 8.1 or Windows Server 2012 R2

The following update rollup is available:

Get update rollup 2975719

For Windows 8 or Windows Server 2012

The following update rollup is available:

Get update rollup 2975331

For Windows 7 or Windows Server 2008 R2

Method 1: Windows Update

This update is available from Windows Update.

Method 2: Microsoft Download Center

The following files are also available for download from the Microsoft Download Center:

Operating system	Update
All supported x86-based versions of Windows 7	Download the package now.
All supported x64-based versions of Windows 7	Download the package now.
All supported x64-based versions of Windows Server 2008 R2	Download the package now.
All supported IA-64-based versions of Windows Server 2008 R2	Download the package now.

For more information about how to download Microsoft support files, click the following article number to view the article in the Microsoft Knowledge Base:

119591 How to obtain Microsoft support files from online services

Microsoft scanned this file for viruses. Microsoft used the most current virus-detection software that was available on the date that the file was posted. The file is stored on security-enhanced servers that help prevent any unauthorized changes to the file.

Update detail information

Prerequisites

There is no prerequisite to apply this update.

Registry information

To apply this update, you do not have to make any changes to the registry.

Restart requirement

You have to restart the computer after you apply this update.

Update replacement information

This update does not replace a previously released update.

File information

The global version of this update installs files that have the attributes that are listed in the following tables. The dates and the times for these files are listed in Coordinated Universal Time (UTC). The dates and the times for these files on your local computer are displayed in your local time together with your current daylight saving time (DST) bias. Additionally, the dates and the times may change when you perform certain operations on the files.

For all supported x86-based versions of Windows 7

File name	File version	File size	Date	Time	Platform
Cng.sys	6.1.7601.17919	369,848	4-Jul-13	12:16	x86
Ksecdd.sys	6.1.7601.18489	67,520	30-May-14	7:53	x86
Ksecpkg.sys	6.1.7601.18489	136,640	30-May-14	7:53	x86
Lsasrv.dll	6.1.7601.18489	1,059,840	30-May-14	7:52	x86
Lsasrv.mof	Not applicable	13,780	4-Jul-13	12:18	Not applicable
Lsass.exe	6.1.7601.18489	22,528	30-May-14	7:52	x86
Secur32.dll	6.1.7601.18489	22,016	30-May-14	7:52	x86
Sspicli.dll	6.1.7601.18489	100,352	30-May-14	7:52	x86
Sspisrv.dll	6.1.7601.18489	15,872	30-May-14	7:52	x86
Cng.sys	6.1.7601.22076	369,848	9-Jul-13	6:16	x86
Ksecdd.sys	6.1.7601.22705	67,520	30-May-14	7:35	x86
Ksecpkg.sys	6.1.7601.22705	136,640	30-May-14	7:35	x86
Lsasrv.dll	6.1.7601.22705	1,060,864	30-May-14	7:35	x86
Lsasrv.mof	Not applicable	13,780	9-Jul-13	6:22	Not applicable
Lsass.exe	6.1.7601.22705	22,528	30-May-14	7:34	x86
Secur32.dll	6.1.7601.22705	22,016	30-May-14	7:35	x86
Sspicli.dll	6.1.7601.22705	100,352	30-May-14	7:35	x86
Sspisrv.dll	6.1.7601.22705	15,872	30-May-14	7:35	x86
Adtschema.dll	6.1.7601.22705	685,056	30-May-14	7:30	x86
Auditpol.exe	6.1.7601.22705	50,176	30-May-14	7:34	x86
Msaudite.dll	6.1.7601.22705	145,920	30-May-14	7:32	x86
Msobjs.dll	6.1.7601.22705	60,416	30-May-14	7:32	x86
Ncrypt.dll	6.1.7601.18489	220,160	30-May-14	7:52	x86
Ncrypt.dll	6.1.7601.22705	220,160	30-May-14	7:35	x86
Credssp.dll	6.1.7601.18489	17,408	30-May-14	7:52	x86
Tspkg.dll	6.1.7601.18489	65,536	30-May-14	7:52	x86
Tspkg.mof	Not applicable	964	4-Jul-13	12:24	Not applicable
Credssp.dll	6.1.7601.22705	17,408	30-May-14	7:35	x86
Tspkg.dll	6.1.7601.22705	65,536	30-May-14	7:35	x86
Tspkg.mof	Not applicable	964	9-Jul-13	6:39	Not applicable
Wdigest.dll	6.1.7601.18489	172,032	30-May-14	7:52	x86
Wdigest.dll	6.1.7601.22705	172,032	30-May-14	7:35	x86
Kerberos.dll	6.1.7601.18489	550,912	30-May-14	7:52	x86
Kerberos.dll	6.1.7601.22705	551,424	30-May-14	7:35	x86
Msv1_0.dll	6.1.7601.18489	259,584	30-May-14	7:52	x86
Msv1_0.dll	6.1.7601.22705	260,096	30-May-14	7:35	x86
Schannel.dll	6.1.7601.18489	247,808	30-May-14	7:52	x86
Schannel.dll	6.1.7601.22705	247,808	30-May-14	7:35	x86

For all supported x64-based versions of Windows 7 and of Windows Server 2008 R2

File name	File version	File size	Date	Time	Platform
Certcli.dll	6.1.7601.22705	463,872	30-May-14	8:00	x64
Cng.sys	6.1.7601.17919	458,712	4-Jul-13	12:18	x64
Ksecdd.sys	6.1.7601.18489	95,680	30-May-14	8:09	x64
Ksecpkg.sys	6.1.7601.18489	155,072	30-May-14	8:09	x64
Lsasrv.dll	6.1.7601.18489	1,460,736	30-May-14	8:08	x64
Lsasrv.mof	Not applicable	13,780	4-Jul-13	12:20	Not applicable
Lsass.exe	6.1.7601.18489	31,232	30-May-14	8:07	x64
Secur32.dll	6.1.7601.18489	28,160	30-May-14	8:08	x64
Sspicli.dll	6.1.7601.18489	136,192	30-May-14	8:08	x64
Sspisrv.dll	6.1.7601.18489	29,184	30-May-14	8:08	x64
Cng.sys	6.1.7601.22076	458,704	9-Jul-13	6:26	x64
Ksecdd.sys	6.1.7601.22705	95,680	30-May-14	8:01	x64
Ksecpkg.sys	6.1.7601.22705	155,072	30-May-14	8:01	x64
Lsasrv.dll	6.1.7601.22705	1,462,272	30-May-14	8:00	x64
Lsasrv.mof	Not applicable	13,780	9-Jul-13	6:30	Not applicable
Lsass.exe	6.1.7601.22705	31,232	30-May-14	8:00	x64
Secur32.dll	6.1.7601.22705	28,160	30-May-14	8:00	x64
Sspicli.dll	6.1.7601.22705	136,192	30-May-14	8:00	x64
Sspisrv.dll	6.1.7601.22705	29,184	30-May-14	8:00	x64
Adtschema.dll	6.1.7601.22705	685,056	30-May-14	7:55	x64
Auditpol.exe	6.1.7601.22705	64,000	30-May-14	7:59	x64
Msaudite.dll	6.1.7601.22705	145,920	30-May-14	7:57	x64
Msobjs.dll	6.1.7601.22705	60,416	30-May-14	7:57	x64
Ncrypt.dll	6.1.7601.18489	307,200	30-May-14	8:08	x64
Ncrypt.dll	6.1.7601.22705	307,712	30-May-14	8:00	x64
Ocspisapi.dll	6.1.7601.22705	355,840	30-May-14	8:00	x64
Ocspisapictrs.h	Not applicable	1,421	9-Jul-13	6:42	Not applicable
Ocspisapictrs.ini	Not applicable	2,636	9-Jul-13	6:42	Not applicable
Ocspsvcctrs.ini	Not applicable	2,960	30-May-14	9:07	Not applicable
Ocspsvcctrs.ini	Not applicable	3,134	30-May-14	9:07	Not applicable
Ocspsvcctrs.ini	Not applicable	2,918	30-May-14	7:56	Not applicable
Ocspsvcctrs.ini	Not applicable	3,210	30-May-14	9:06	Not applicable
Ocspsvcctrs.ini	Not applicable	3,098	30-May-14	9:07	Not applicable
Ocspsvcctrs.ini	Not applicable	3,028	30-May-14	9:07	Not applicable
Ocspsvcctrs.ini	Not applicable	3,140	30-May-14	9:07	Not applicable
Ocspsvcctrs.ini	Not applicable	2,642	30-May-14	9:06	Not applicable
Ocspsvcctrs.ini	Not applicable	2,576	30-May-14	9:07	Not applicable
Ocspsvcctrs.ini	Not applicable	3,026	30-May-14	9:07	Not applicable
Ocspsvcctrs.ini	Not applicable	3,028	30-May-14	9:06	Not applicable
Ocspsvcctrs.ini	Not applicable	3,188	30-May-14	9:07	Not applicable
Ocspsvcctrs.ini	Not applicable	3,130	30-May-14	9:07	Not applicable
Ocspsvcctrs.ini	Not applicable	3,064	30-May-14	9:07	Not applicable
Ocspsvcctrs.ini	Not applicable	3,092	30-May-14	9:06	Not applicable
Ocspsvcctrs.ini	Not applicable	2,828	30-May-14	9:07	Not applicable
Ocspsvcctrs.ini	Not applicable	2,158	30-May-14	9:07	Not applicable
Ocspsvcctrs.ini	Not applicable	2,460	30-May-14	9:06	Not applicable
Ocspsvc.exe	6.1.7601.22705	276,480	30-May-14	8:00	x64
Ocspsvcctrs.h	Not applicable	1,569	9-Jul-13	6:42	Not applicable
Ocspsvcctrs.ini	Not applicable	2,918	9-Jul-13	6:42	Not applicable
Credssp.dll	6.1.7601.18489	22,016	30-May-14	8:08	x64
Tspkg.dll	6.1.7601.18489	86,528	30-May-14	8:08	x64
Tspkg.mof	Not applicable	964	4-Jul-13	12:25	Not applicable
Credssp.dll	6.1.7601.22705	22,016	30-May-14	8:00	x64
Tspkg.dll	6.1.7601.22705	86,528	30-May-14	8:00	x64
Tspkg.mof	Not applicable	964	9-Jul-13	6:41	Not applicable
Wdigest.dll	6.1.7601.18489	210,944	30-May-14	8:08	x64
Wdigest.dll	6.1.7601.22705	210,944	30-May-14	8:00	x64
Kerberos.dll	6.1.7601.18489	728,064	30-May-14	8:08	x64
Kerberos.dll	6.1.7601.22705	729,088	30-May-14	8:00	x64
Msv1_0.dll	6.1.7601.18489	314,880	30-May-14	8:08	x64
Msv1_0.dll	6.1.7601.22705	315,904	30-May-14	8:00	x64
Schannel.dll	6.1.7601.18489	340,992	30-May-14	8:08	x64
Schannel.dll	6.1.7601.22705	340,992	30-May-14	8:00	x64
Lsasrv.mof	Not applicable	13,780	4-Jul-13	12:18	Not applicable
Secur32.dll	6.1.7601.18489	22,016	30-May-14	7:52	x86
Sspicli.dll	6.1.7601.18489	96,768	30-May-14	7:51	x86
Lsasrv.mof	Not applicable	13,780	9-Jul-13	6:22	Not applicable
Secur32.dll	6.1.7601.22705	22,016	30-May-14	7:35	x86
Sspicli.dll	6.1.7601.22705	96,768	30-May-14	7:34	x86
Wdigest.dll	6.1.7601.18489	172,032	30-May-14	7:52	x86
Wdigest.dll	6.1.7601.22705	172,032	30-May-14	7:35	x86
Kerberos.dll	6.1.7601.18489	550,912	30-May-14	7:52	x86
Kerberos.dll	6.1.7601.22705	551,424	30-May-14	7:35	x86
Msv1_0.dll	6.1.7601.18489	259,584	30-May-14	7:52	x86
Msv1_0.dll	6.1.7601.22705	260,096	30-May-14	7:35	x86
Schannel.dll	6.1.7601.18489	247,808	30-May-14	7:52	x86
Schannel.dll	6.1.7601.22705	247,808	30-May-14	7:35	x86
Certcli.dll	6.1.7601.22705	342,528	30-May-14	7:35	x86
Adtschema.dll	6.1.7601.22705	685,056	30-May-14	7:30	x86
Auditpol.exe	6.1.7601.22705	50,176	30-May-14	7:34	x86
Msaudite.dll	6.1.7601.22705	145,920	30-May-14	7:32	x86
Msobjs.dll	6.1.7601.22705	60,416	30-May-14	7:32	x86
Ncrypt.dll	6.1.7601.18489	220,160	30-May-14	7:52	x86
Ncrypt.dll	6.1.7601.22705	220,160	30-May-14	7:35	x86
Credssp.dll	6.1.7601.18489	17,408	30-May-14	7:52	x86
Tspkg.dll	6.1.7601.18489	65,536	30-May-14	7:52	x86
Tspkg.mof	Not applicable	964	4-Jul-13	12:24	Not applicable
Credssp.dll	6.1.7601.22705	17,408	30-May-14	7:35	x86
Tspkg.dll	6.1.7601.22705	65,536	30-May-14	7:35	x86
Tspkg.mof	Not applicable	964	9-Jul-13	6:39	Not applicable

For all supported IA-64-based versions of Windows Server 2008 R2

File name	File version	File size	Date	Time	Platform
Cng.sys	6.1.7601.17919	789,024	4-Jul-13	12:23	IA-64
Ksecdd.sys	6.1.7601.18489	179,648	30-May-14	7:22	IA-64
Ksecpkg.sys	6.1.7601.18489	316,352	30-May-14	7:22	IA-64
Lsasrv.dll	6.1.7601.18489	2,695,168	30-May-14	7:22	IA-64
Lsasrv.mof	Not applicable	13,780	4-Jul-13	12:25	Not applicable
Lsass.exe	6.1.7601.18489	56,320	30-May-14	7:21	IA-64
Secur32.dll	6.1.7601.18489	48,640	30-May-14	7:22	IA-64
Sspicli.dll	6.1.7601.18489	275,456	30-May-14	7:22	IA-64
Sspisrv.dll	6.1.7601.18489	46,080	30-May-14	7:22	IA-64
Cng.sys	6.1.7601.22076	789,024	9-Jul-13	6:23	IA-64
Ksecdd.sys	6.1.7601.22705	179,648	30-May-14	7:15	IA-64
Ksecpkg.sys	6.1.7601.22705	316,352	30-May-14	7:15	IA-64
Lsasrv.dll	6.1.7601.22705	2,697,216	30-May-14	7:15	IA-64
Lsasrv.mof	Not applicable	13,780	9-Jul-13	6:28	Not applicable
Lsass.exe	6.1.7601.22705	56,320	30-May-14	7:14	IA-64
Secur32.dll	6.1.7601.22705	48,640	30-May-14	7:15	IA-64
Sspicli.dll	6.1.7601.22705	275,456	30-May-14	7:15	IA-64
Sspisrv.dll	6.1.7601.22705	46,080	30-May-14	7:15	IA-64
Adtschema.dll	6.1.7601.22705	685,056	30-May-14	7:10	IA-64
Auditpol.exe	6.1.7601.22705	145,408	30-May-14	7:14	IA-64
Msaudite.dll	6.1.7601.22705	145,920	30-May-14	7:12	IA-64
Msobjs.dll	6.1.7601.22705	60,416	30-May-14	7:12	IA-64
Ncrypt.dll	6.1.7601.18489	551,936	30-May-14	7:22	IA-64
Ncrypt.dll	6.1.7601.22705	553,472	30-May-14	7:15	IA-64
Credssp.dll	6.1.7601.18489	49,664	30-May-14	7:22	IA-64
Tspkg.dll	6.1.7601.18489	188,416	30-May-14	7:22	IA-64
Tspkg.mof	Not applicable	964	4-Jul-13	12:32	Not applicable
Credssp.dll	6.1.7601.22705	49,664	30-May-14	7:15	IA-64
Tspkg.dll	6.1.7601.22705	188,416	30-May-14	7:15	IA-64
Tspkg.mof	Not applicable	964	9-Jul-13	6:41	Not applicable
Wdigest.dll	6.1.7601.18489	475,136	30-May-14	7:22	IA-64
Wdigest.dll	6.1.7601.22705	475,136	30-May-14	7:15	IA-64
Kerberos.dll	6.1.7601.18489	1,525,248	30-May-14	7:22	IA-64
Kerberos.dll	6.1.7601.22705	1,526,272	30-May-14	7:15	IA-64
Msv1_0.dll	6.1.7601.18489	647,680	30-May-14	7:22	IA-64
Msv1_0.dll	6.1.7601.22705	650,240	30-May-14	7:15	IA-64
Schannel.dll	6.1.7601.18489	711,680	30-May-14	7:22	IA-64
Schannel.dll	6.1.7601.22705	712,192	30-May-14	7:15	IA-64
Lsasrv.mof	Not applicable	13,780	4-Jul-13	12:18	Not applicable
Secur32.dll	6.1.7601.18489	22,016	30-May-14	7:52	x86
Sspicli.dll	6.1.7601.18489	96,768	30-May-14	7:51	x86
Lsasrv.mof	Not applicable	13,780	9-Jul-13	6:22	Not applicable
Secur32.dll	6.1.7601.22705	22,016	30-May-14	7:35	x86
Sspicli.dll	6.1.7601.22705	96,768	30-May-14	7:34	x86
Wdigest.dll	6.1.7601.18489	172,032	30-May-14	7:52	x86
Wdigest.dll	6.1.7601.22705	172,032	30-May-14	7:35	x86
Kerberos.dll	6.1.7601.18489	550,912	30-May-14	7:52	x86
Kerberos.dll	6.1.7601.22705	551,424	30-May-14	7:35	x86
Msv1_0.dll	6.1.7601.18489	259,584	30-May-14	7:52	x86
Msv1_0.dll	6.1.7601.22705	260,096	30-May-14	7:35	x86
Schannel.dll	6.1.7601.18489	247,808	30-May-14	7:52	x86
Schannel.dll	6.1.7601.22705	247,808	30-May-14	7:35	x86
Adtschema.dll	6.1.7601.22705	685,056	30-May-14	7:30	x86
Auditpol.exe	6.1.7601.22705	50,176	30-May-14	7:34	x86
Msaudite.dll	6.1.7601.22705	145,920	30-May-14	7:32	x86
Msobjs.dll	6.1.7601.22705	60,416	30-May-14	7:32	x86
Ncrypt.dll	6.1.7601.18489	220,160	30-May-14	7:52	x86
Ncrypt.dll	6.1.7601.22705	220,160	30-May-14	7:35	x86
Credssp.dll	6.1.7601.18489	17,408	30-May-14	7:52	x86
Tspkg.dll	6.1.7601.18489	65,536	30-May-14	7:52	x86
Tspkg.mof	Not applicable	964	4-Jul-13	12:24	Not applicable
Credssp.dll	6.1.7601.22705	17,408	30-May-14	7:35	x86
Tspkg.dll	6.1.7601.22705	65,536	30-May-14	7:35	x86
Tspkg.mof	Not applicable	964	9-Jul-13	6:39	Not applicable

Status

Microsoft has confirmed that SHA512 hash algorithm is turned off by default for the TLS 1.2 protocol in the Microsoft products that are listed in the "Applies to" section.

More Information

By default, the TLS hash algorithm SHA512 is disabled for the TLS 1.2 protocol on a computer that is running one of the affected products that are listed in this article. Therefore, you cannot use SHA512 as a hash algorithm between two computers that are using TLS 1.2 until you install the required updates that are listed in this article.

For more information about TLS, go to the following Microsoft website:

General information about Transport Layer Security (TLS)

For more information about SHA512, go to the following Wiki website:

General information about SHA2

For more information about how to deploy SHA512 certificates on client computers, go to the following Microsoft website:

How to deploy client computer certificates

For more information about software update terminology, click the following article number to view the article in the Microsoft Knowledge Base:

824684 Description of the standard terminology that is used to describe Microsoft software updates

Last Updated: 13 Apr 2015