SHA512 is disabled in Windows when you use TLS 1.2

About this update

After you apply this update, the signature and hash algorithm combinations for RSA\SHA512 and ECDSA\SHA512 are enabled for the Transport Layer Security (TLS) 1.2 protocol. This means that you can now use SHA512 certificates on your computer.

If you currently use SHA512 certificates and do not have this update installed, you may have problems in one or more of the following scenarios when you use TLS 1.2:
  • Internet Protocol security (IPsec) stand-alone
  • IPsec with DirectAccess
  • Microsoft Lync Server 2013
  • Remote Desktop Services (RDP)
  • SSL websites
  • SSL-based VPN
  • Web applications

Notes
  • RSA\SHA512 means that the RSA signature algorithm is combined with the SHA512 hash algorithm.
  • ECDSA\SHA512 means that the Elliptic Curve Digital Signature Algorithm (ECDSA) is combined with the SHA512 hash algorithm.

How to obtain this update

Important: Do not install a language pack after you install this update. If you do, the language-specific changes in the update will not be applied, and you will have to reinstall the update. For more information, see Add language packs to Windows.

For Windows 8.1 or Windows Server 2012 R2

The following update rollup is available:

For Windows 8 or Windows Server 2012

The following update rollup is available:

For Windows 7 or Windows Server 2008 R2

Method 1: Windows Update

This update is available from Windows Update.

Method 2: Microsoft Download Center

The following files are also available for download from the Microsoft Download Center:
Operating system | Update
All supported x86-based versions of Windows 7 | Download the package now.
All supported x64-based versions of Windows 7 | Download the package now.
All supported x64-based versions of Windows Server 2008 R2 | Download the package now.
All supported IA-64-based versions of Windows Server 2008 R2 | Download the package now.
For more information about how to download Microsoft support files, click the following article number to view the article in the Microsoft Knowledge Base:
119591 How to obtain Microsoft support files from online services
Microsoft scanned this file for viruses. Microsoft used the most current virus-detection software that was available on the date that the file was posted. The file is stored on security-enhanced servers that help prevent any unauthorized changes to the file.


Update detail information

Prerequisites

There is no prerequisite to apply this update.

Registry information

To apply this update, you do not have to make any changes to the registry.

Restart requirement

You have to restart the computer after you apply this update.

Update replacement information

This update does not replace a previously released update.

File information

Status

Microsoft has confirmed that the SHA512 hash algorithm is turned off by default for the TLS 1.2 protocol in the Microsoft products that are listed in the "Applies to" section.

More Information

By default, the TLS hash algorithm SHA512 is disabled for the TLS 1.2 protocol on a computer that is running one of the affected products that are listed in this article. Therefore, you cannot use SHA512 as a hash algorithm between two computers that are using TLS 1.2 until you install the required updates that are listed in this article.
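
To find out whether a computer is exposed to this problem, the following added example (not part of the original article) lists certificates whose signature algorithm is RSA\SHA512 or ECDSA\SHA512 and reports whether the update is present. It assumes the stand-alone package is registered under the article ID shown on this page (KB2973337) and that the three LocalMachine stores named in the script are the relevant ones; where the fix arrives through an update rollup, the hotfix lookup will not find it under this ID.

```powershell
# Added example: inventory SHA512-signed certificates and check for the update.
# Written to run on Windows PowerShell 2.0 and later.

# Signature algorithm OIDs (language-independent, unlike FriendlyName).
$Sha512SigOids = @{
    '1.2.840.113549.1.1.13' = 'RSA\SHA512'     # sha512WithRSAEncryption
    '1.2.840.10045.4.3.4'   = 'ECDSA\SHA512'   # ecdsa-with-SHA512
}

# Assumption: the stand-alone package is registered under this article's ID.
$KbId = 'KB2973337'

# Assumption: these stores hold the certificates TLS presents or chains to.
$Stores = 'Cert:\LocalMachine\My', 'Cert:\LocalMachine\CA', 'Cert:\LocalMachine\Root'

function Get-Sha512SignedCertificate {
    param([string[]]$StorePath = $Stores)
    foreach ($path in $StorePath) {
        Get-ChildItem -Path $path -ErrorAction SilentlyContinue |
            Where-Object { $Sha512SigOids.ContainsKey($_.SignatureAlgorithm.Value) } |
            Select-Object @{ n = 'Store'; e = { $path } },
                          @{ n = 'Algorithm'; e = { $Sha512SigOids[$_.SignatureAlgorithm.Value] } },
                          Subject, Thumbprint, NotAfter
    }
}

$hotfix = Get-HotFix -Id $KbId -ErrorAction SilentlyContinue
$certs  = @(Get-Sha512SignedCertificate)

if ($certs.Count -eq 0) {
    Write-Output 'No RSA\SHA512 or ECDSA\SHA512 certificates found in the checked stores.'
}
else {
    # Show what was found before reporting the update state.
    $certs | Format-Table -AutoSize | Out-String | Write-Output

    if ($hotfix) {
        Write-Output "$KbId is installed (a restart is required after installation)."
    }
    else {
        Write-Warning "$KbId not found: TLS 1.2 scenarios that use these certificates may fail."
    }
}
```

Certificates signed with RSASSA-PSS carry a different signature OID and are not matched by this script.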

For more information about TLS, go to the following Microsoft website:
For more information about SHA512, go to the following Wiki website:
For more information about how to deploy SHA512 certificates on client computers, go to the following Microsoft website:
For more information about software update terminology, click the following article number to view the article in the Microsoft Knowledge Base:
824684 Description of the standard terminology that is used to describe Microsoft software updates
Properties

Article ID: 2973337 - Last Review: Apr 13, 2015 - Revision: 1

Applies to: Windows Server 2012 R2 Datacenter, Windows Server 2012 R2 Standard, Windows Server 2012 R2 Essentials, Windows Server 2012 R2 Foundation, Windows 8.1 Enterprise, Windows 8.1 Pro, Windows 8.1, Windows Server 2012 Datacenter, Windows Server 2012 Standard, Windows Server 2012 Essentials, Windows Server 2012 Foundation, Windows 8 Enterprise, Windows 8 Pro, Windows 8, Windows Server 2008 R2 Datacenter, Windows Server 2008 R2 Enterprise, Windows Server 2008 R2 Standard, Windows Server 2008 R2 Foundation, Windows Server 2008 R2 for Itanium-Based Systems, Windows 7 Ultimate, Windows 7 Enterprise, Windows 7 Professional, Windows 7 Home Premium, Windows 7 Home Basic, Windows 7 Starter
