You are currently offline, waiting for your internet to reconnect

SHA512 is disabled in Windows when you use TLS 1.2

About this update
After you apply this update, the signature and hash algorithm combinations for RSA\SHA512 and ECDSA\SHA512 are enabled for the Transport Layer Security (TLS) 1.2 protocol. This means that you can now use SHA512 certificates on your computer.

If you currently use SHA512 certificates, and do not have this update installed, you may have problems in one or more of the following scenarios by using TLS 1.2:
  • Internet Protocol security (IPsec) stand-alone
  • IPSec with DirectAccess
  • Microsoft Lync Server 2013
  • Remote Desktop Services (RDP)
  • SSL websites
  • SSL based VPN
  • Web applications

Notes
  • RSA\SHA512 means that the RSA signature algorithm is combined with SHA512 hash algorithm.
  • ECDSA\SHA512 means that the Elliptic Curve Digital Signature Algorithm (ECDSA) is combined with SHA512 hash algorithm.
How to obtain this update
Important Do not install a language pack after you install this update. If you do, the language-specific changes in the update will not be applied, and you will have to reinstall the update. For more information, see Add language packs to Windows.

For Windows 8.1 or Windows Server 2012 R2

The following update rollup is available:

For Windows 8 or Windows Server 2012

The following update rollup is available:

For Windows 7 or Windows Server 2008 R2

Method 1: Windows Update

This update is available from Windows Update.

Method 2: Microsoft Download Center

The following files are also available for download from the Microsoft Download Center:
Operating systemUpdate
All supported x86-based versions of Windows 7DownloadDownload the package now.
All supported x64-based versions of Windows 7DownloadDownload the package now.
All supported x64-based versions of Windows Server 2008 R2DownloadDownload the package now.
All supported IA-64-based versions of Windows Server 2008 R2DownloadDownload the package now.
For more information about how to download Microsoft support files, click the following article number to view the article in the Microsoft Knowledge Base:
119591 How to obtain Microsoft support files from online services
Microsoft scanned this file for viruses. Microsoft used the most current virus-detection software that was available on the date that the file was posted. The file is stored on security-enhanced servers that help prevent any unauthorized changes to the file.

Update detail information

Prerequisites

There is no prerequisite to apply this update.

Registry information

To apply this update, you do not have to make any changes to the registry.

Restart requirement

You have to restart the computer after you apply this update.

Update replacement information

This update does not replace a previously released update.

File information

The global version of this update installs files that have the attributes that are listed in the following tables. The dates and the times for these files are listed in Coordinated Universal Time (UTC). The dates and the times for these files on your local computer are displayed in your local time together with your current daylight saving time (DST) bias. Additionally, the dates and the times may change when you perform certain operations on the files.

For all supported x86-based versions of Windows 7
File nameFile versionFile sizeDateTimePlatform
Cng.sys6.1.7601.17919369,8484-Jul-1312:16x86
Ksecdd.sys6.1.7601.1848967,52030-May-147:53x86
Ksecpkg.sys6.1.7601.18489136,64030-May-147:53x86
Lsasrv.dll6.1.7601.184891,059,84030-May-147:52x86
Lsasrv.mofNot applicable13,7804-Jul-1312:18Not applicable
Lsass.exe6.1.7601.1848922,52830-May-147:52x86
Secur32.dll6.1.7601.1848922,01630-May-147:52x86
Sspicli.dll6.1.7601.18489100,35230-May-147:52x86
Sspisrv.dll6.1.7601.1848915,87230-May-147:52x86
Cng.sys6.1.7601.22076369,8489-Jul-136:16x86
Ksecdd.sys6.1.7601.2270567,52030-May-147:35x86
Ksecpkg.sys6.1.7601.22705136,64030-May-147:35x86
Lsasrv.dll6.1.7601.227051,060,86430-May-147:35x86
Lsasrv.mofNot applicable13,7809-Jul-136:22Not applicable
Lsass.exe6.1.7601.2270522,52830-May-147:34x86
Secur32.dll6.1.7601.2270522,01630-May-147:35x86
Sspicli.dll6.1.7601.22705100,35230-May-147:35x86
Sspisrv.dll6.1.7601.2270515,87230-May-147:35x86
Adtschema.dll6.1.7601.22705685,05630-May-147:30x86
Auditpol.exe6.1.7601.2270550,17630-May-147:34x86
Msaudite.dll6.1.7601.22705145,92030-May-147:32x86
Msobjs.dll6.1.7601.2270560,41630-May-147:32x86
Ncrypt.dll6.1.7601.18489220,16030-May-147:52x86
Ncrypt.dll6.1.7601.22705220,16030-May-147:35x86
Credssp.dll6.1.7601.1848917,40830-May-147:52x86
Tspkg.dll6.1.7601.1848965,53630-May-147:52x86
Tspkg.mofNot applicable9644-Jul-1312:24Not applicable
Credssp.dll6.1.7601.2270517,40830-May-147:35x86
Tspkg.dll6.1.7601.2270565,53630-May-147:35x86
Tspkg.mofNot applicable9649-Jul-136:39Not applicable
Wdigest.dll6.1.7601.18489172,03230-May-147:52x86
Wdigest.dll6.1.7601.22705172,03230-May-147:35x86
Kerberos.dll6.1.7601.18489550,91230-May-147:52x86
Kerberos.dll6.1.7601.22705551,42430-May-147:35x86
Msv1_0.dll6.1.7601.18489259,58430-May-147:52x86
Msv1_0.dll6.1.7601.22705260,09630-May-147:35x86
Schannel.dll6.1.7601.18489247,80830-May-147:52x86
Schannel.dll6.1.7601.22705247,80830-May-147:35x86
For all supported x64-based versions of Windows 7 and of Windows Server 2008 R2
File nameFile versionFile sizeDateTimePlatform
Certcli.dll6.1.7601.22705463,87230-May-148:00x64
Cng.sys6.1.7601.17919458,7124-Jul-1312:18x64
Ksecdd.sys6.1.7601.1848995,68030-May-148:09x64
Ksecpkg.sys6.1.7601.18489155,07230-May-148:09x64
Lsasrv.dll6.1.7601.184891,460,73630-May-148:08x64
Lsasrv.mofNot applicable13,7804-Jul-1312:20Not applicable
Lsass.exe6.1.7601.1848931,23230-May-148:07x64
Secur32.dll6.1.7601.1848928,16030-May-148:08x64
Sspicli.dll6.1.7601.18489136,19230-May-148:08x64
Sspisrv.dll6.1.7601.1848929,18430-May-148:08x64
Cng.sys6.1.7601.22076458,7049-Jul-136:26x64
Ksecdd.sys6.1.7601.2270595,68030-May-148:01x64
Ksecpkg.sys6.1.7601.22705155,07230-May-148:01x64
Lsasrv.dll6.1.7601.227051,462,27230-May-148:00x64
Lsasrv.mofNot applicable13,7809-Jul-136:30Not applicable
Lsass.exe6.1.7601.2270531,23230-May-148:00x64
Secur32.dll6.1.7601.2270528,16030-May-148:00x64
Sspicli.dll6.1.7601.22705136,19230-May-148:00x64
Sspisrv.dll6.1.7601.2270529,18430-May-148:00x64
Adtschema.dll6.1.7601.22705685,05630-May-147:55x64
Auditpol.exe6.1.7601.2270564,00030-May-147:59x64
Msaudite.dll6.1.7601.22705145,92030-May-147:57x64
Msobjs.dll6.1.7601.2270560,41630-May-147:57x64
Ncrypt.dll6.1.7601.18489307,20030-May-148:08x64
Ncrypt.dll6.1.7601.22705307,71230-May-148:00x64
Ocspisapi.dll6.1.7601.22705355,84030-May-148:00x64
Ocspisapictrs.hNot applicable1,4219-Jul-136:42Not applicable
Ocspisapictrs.iniNot applicable2,6369-Jul-136:42Not applicable
Ocspsvcctrs.iniNot applicable2,96030-May-149:07Not applicable
Ocspsvcctrs.iniNot applicable3,13430-May-149:07Not applicable
Ocspsvcctrs.iniNot applicable2,91830-May-147:56Not applicable
Ocspsvcctrs.iniNot applicable3,21030-May-149:06Not applicable
Ocspsvcctrs.iniNot applicable3,09830-May-149:07Not applicable
Ocspsvcctrs.iniNot applicable3,02830-May-149:07Not applicable
Ocspsvcctrs.iniNot applicable3,14030-May-149:07Not applicable
Ocspsvcctrs.iniNot applicable2,64230-May-149:06Not applicable
Ocspsvcctrs.iniNot applicable2,57630-May-149:07Not applicable
Ocspsvcctrs.iniNot applicable3,02630-May-149:07Not applicable
Ocspsvcctrs.iniNot applicable3,02830-May-149:06Not applicable
Ocspsvcctrs.iniNot applicable3,18830-May-149:07Not applicable
Ocspsvcctrs.iniNot applicable3,13030-May-149:07Not applicable
Ocspsvcctrs.iniNot applicable3,06430-May-149:07Not applicable
Ocspsvcctrs.iniNot applicable3,09230-May-149:06Not applicable
Ocspsvcctrs.iniNot applicable2,82830-May-149:07Not applicable
Ocspsvcctrs.iniNot applicable2,15830-May-149:07Not applicable
Ocspsvcctrs.iniNot applicable2,46030-May-149:06Not applicable
Ocspsvc.exe6.1.7601.22705276,48030-May-148:00x64
Ocspsvcctrs.hNot applicable1,5699-Jul-136:42Not applicable
Ocspsvcctrs.iniNot applicable2,9189-Jul-136:42Not applicable
Credssp.dll6.1.7601.1848922,01630-May-148:08x64
Tspkg.dll6.1.7601.1848986,52830-May-148:08x64
Tspkg.mofNot applicable9644-Jul-1312:25Not applicable
Credssp.dll6.1.7601.2270522,01630-May-148:00x64
Tspkg.dll6.1.7601.2270586,52830-May-148:00x64
Tspkg.mofNot applicable9649-Jul-136:41Not applicable
Wdigest.dll6.1.7601.18489210,94430-May-148:08x64
Wdigest.dll6.1.7601.22705210,94430-May-148:00x64
Kerberos.dll6.1.7601.18489728,06430-May-148:08x64
Kerberos.dll6.1.7601.22705729,08830-May-148:00x64
Msv1_0.dll6.1.7601.18489314,88030-May-148:08x64
Msv1_0.dll6.1.7601.22705315,90430-May-148:00x64
Schannel.dll6.1.7601.18489340,99230-May-148:08x64
Schannel.dll6.1.7601.22705340,99230-May-148:00x64
Lsasrv.mofNot applicable13,7804-Jul-1312:18Not applicable
Secur32.dll6.1.7601.1848922,01630-May-147:52x86
Sspicli.dll6.1.7601.1848996,76830-May-147:51x86
Lsasrv.mofNot applicable13,7809-Jul-136:22Not applicable
Secur32.dll6.1.7601.2270522,01630-May-147:35x86
Sspicli.dll6.1.7601.2270596,76830-May-147:34x86
Wdigest.dll6.1.7601.18489172,03230-May-147:52x86
Wdigest.dll6.1.7601.22705172,03230-May-147:35x86
Kerberos.dll6.1.7601.18489550,91230-May-147:52x86
Kerberos.dll6.1.7601.22705551,42430-May-147:35x86
Msv1_0.dll6.1.7601.18489259,58430-May-147:52x86
Msv1_0.dll6.1.7601.22705260,09630-May-147:35x86
Schannel.dll6.1.7601.18489247,80830-May-147:52x86
Schannel.dll6.1.7601.22705247,80830-May-147:35x86
Certcli.dll6.1.7601.22705342,52830-May-147:35x86
Adtschema.dll6.1.7601.22705685,05630-May-147:30x86
Auditpol.exe6.1.7601.2270550,17630-May-147:34x86
Msaudite.dll6.1.7601.22705145,92030-May-147:32x86
Msobjs.dll6.1.7601.2270560,41630-May-147:32x86
Ncrypt.dll6.1.7601.18489220,16030-May-147:52x86
Ncrypt.dll6.1.7601.22705220,16030-May-147:35x86
Credssp.dll6.1.7601.1848917,40830-May-147:52x86
Tspkg.dll6.1.7601.1848965,53630-May-147:52x86
Tspkg.mofNot applicable9644-Jul-1312:24Not applicable
Credssp.dll6.1.7601.2270517,40830-May-147:35x86
Tspkg.dll6.1.7601.2270565,53630-May-147:35x86
Tspkg.mofNot applicable9649-Jul-136:39Not applicable
For all supported IA-64-based versions of Windows Server 2008 R2
File nameFile versionFile sizeDateTimePlatform
Cng.sys6.1.7601.17919789,0244-Jul-1312:23IA-64
Ksecdd.sys6.1.7601.18489179,64830-May-147:22IA-64
Ksecpkg.sys6.1.7601.18489316,35230-May-147:22IA-64
Lsasrv.dll6.1.7601.184892,695,16830-May-147:22IA-64
Lsasrv.mofNot applicable13,7804-Jul-1312:25Not applicable
Lsass.exe6.1.7601.1848956,32030-May-147:21IA-64
Secur32.dll6.1.7601.1848948,64030-May-147:22IA-64
Sspicli.dll6.1.7601.18489275,45630-May-147:22IA-64
Sspisrv.dll6.1.7601.1848946,08030-May-147:22IA-64
Cng.sys6.1.7601.22076789,0249-Jul-136:23IA-64
Ksecdd.sys6.1.7601.22705179,64830-May-147:15IA-64
Ksecpkg.sys6.1.7601.22705316,35230-May-147:15IA-64
Lsasrv.dll6.1.7601.227052,697,21630-May-147:15IA-64
Lsasrv.mofNot applicable13,7809-Jul-136:28Not applicable
Lsass.exe6.1.7601.2270556,32030-May-147:14IA-64
Secur32.dll6.1.7601.2270548,64030-May-147:15IA-64
Sspicli.dll6.1.7601.22705275,45630-May-147:15IA-64
Sspisrv.dll6.1.7601.2270546,08030-May-147:15IA-64
Adtschema.dll6.1.7601.22705685,05630-May-147:10IA-64
Auditpol.exe6.1.7601.22705145,40830-May-147:14IA-64
Msaudite.dll6.1.7601.22705145,92030-May-147:12IA-64
Msobjs.dll6.1.7601.2270560,41630-May-147:12IA-64
Ncrypt.dll6.1.7601.18489551,93630-May-147:22IA-64
Ncrypt.dll6.1.7601.22705553,47230-May-147:15IA-64
Credssp.dll6.1.7601.1848949,66430-May-147:22IA-64
Tspkg.dll6.1.7601.18489188,41630-May-147:22IA-64
Tspkg.mofNot applicable9644-Jul-1312:32Not applicable
Credssp.dll6.1.7601.2270549,66430-May-147:15IA-64
Tspkg.dll6.1.7601.22705188,41630-May-147:15IA-64
Tspkg.mofNot applicable9649-Jul-136:41Not applicable
Wdigest.dll6.1.7601.18489475,13630-May-147:22IA-64
Wdigest.dll6.1.7601.22705475,13630-May-147:15IA-64
Kerberos.dll6.1.7601.184891,525,24830-May-147:22IA-64
Kerberos.dll6.1.7601.227051,526,27230-May-147:15IA-64
Msv1_0.dll6.1.7601.18489647,68030-May-147:22IA-64
Msv1_0.dll6.1.7601.22705650,24030-May-147:15IA-64
Schannel.dll6.1.7601.18489711,68030-May-147:22IA-64
Schannel.dll6.1.7601.22705712,19230-May-147:15IA-64
Lsasrv.mofNot applicable13,7804-Jul-1312:18Not applicable
Secur32.dll6.1.7601.1848922,01630-May-147:52x86
Sspicli.dll6.1.7601.1848996,76830-May-147:51x86
Lsasrv.mofNot applicable13,7809-Jul-136:22Not applicable
Secur32.dll6.1.7601.2270522,01630-May-147:35x86
Sspicli.dll6.1.7601.2270596,76830-May-147:34x86
Wdigest.dll6.1.7601.18489172,03230-May-147:52x86
Wdigest.dll6.1.7601.22705172,03230-May-147:35x86
Kerberos.dll6.1.7601.18489550,91230-May-147:52x86
Kerberos.dll6.1.7601.22705551,42430-May-147:35x86
Msv1_0.dll6.1.7601.18489259,58430-May-147:52x86
Msv1_0.dll6.1.7601.22705260,09630-May-147:35x86
Schannel.dll6.1.7601.18489247,80830-May-147:52x86
Schannel.dll6.1.7601.22705247,80830-May-147:35x86
Adtschema.dll6.1.7601.22705685,05630-May-147:30x86
Auditpol.exe6.1.7601.2270550,17630-May-147:34x86
Msaudite.dll6.1.7601.22705145,92030-May-147:32x86
Msobjs.dll6.1.7601.2270560,41630-May-147:32x86
Ncrypt.dll6.1.7601.18489220,16030-May-147:52x86
Ncrypt.dll6.1.7601.22705220,16030-May-147:35x86
Credssp.dll6.1.7601.1848917,40830-May-147:52x86
Tspkg.dll6.1.7601.1848965,53630-May-147:52x86
Tspkg.mofNot applicable9644-Jul-1312:24Not applicable
Credssp.dll6.1.7601.2270517,40830-May-147:35x86
Tspkg.dll6.1.7601.2270565,53630-May-147:35x86
Tspkg.mofNot applicable9649-Jul-136:39Not applicable
Status
Microsoft has confirmed that SHA512 hash algorithm is turned off by default for the TLS 1.2 protocol in the Microsoft products that are listed in the "Applies to" section.
More information
By default, the TLS hash algorithm SHA512 is disabled for the TLS 1.2 protocol on a computer that is running one of the affected products that are listed in this article. Therefore, you cannot use SHA512 as a hash algorithm between two computers that are using TLS 1.2 until you install the required updates that are listed in this article.

For more information about TLS, go to the following Microsoft website:
For more information about SHA512, go to the following Wiki website:
For more information about how to deploy SHA512 certificates on client computers, go to the following Microsoft website:
For more information about software update terminology, click the following article number to view the article in the Microsoft Knowledge Base:
824684 Description of the standard terminology that is used to describe Microsoft software updates
Properties

Article ID: 2973337 - Last Review: 04/13/2015 05:39:00 - Revision: 6.0

Windows Server 2012 R2 Datacenter, Windows Server 2012 R2 Standard, Windows Server 2012 R2 Essentials, Windows Server 2012 R2 Foundation, Windows 8.1 Enterprise, Windows 8.1 Pro, Windows 8.1, Windows Server 2012 Datacenter, Windows Server 2012 Standard, Windows Server 2012 Essentials, Windows Server 2012 Foundation, Windows 8 Enterprise, Windows 8 Pro, Windows 8, Windows Server 2008 R2 Datacenter, Windows Server 2008 R2 Enterprise, Windows Server 2008 R2 Standard, Windows Server 2008 R2 Foundation, Windows Server 2008 R2 for Itanium-Based Systems, Windows 7 Ultimate, Windows 7 Enterprise, Windows 7 Professional, Windows 7 Home Premium, Windows 7 Home Basic, Windows 7 Starter

  • kbfix atdownload kbexpertiseadvanced kbsurveynew KB2973337
Feedback
var varAutoFirePV = 1; var varClickTracking = 1; var varCustomerTracking = 1; var Route = "76500"; var Ctrl = ""; document.write("