{"id":6391,"date":"2024-05-10T03:01:27","date_gmt":"2024-05-09T18:01:27","guid":{"rendered":"https:\/\/m365jp.net\/?p=6391"},"modified":"2024-05-10T03:15:49","modified_gmt":"2024-05-09T18:15:49","slug":"mc791462-tls-server-authentication-deprecation-of-weak-rsa-certificates","status":"publish","type":"post","link":"https:\/\/m365jp.net\/index.php\/2024-05-10-mc791462-tls-server-authentication-deprecation-of-weak-rsa-certificates","title":{"rendered":"MC791462 | TLS server authentication: Deprecation of weak RSA certificates"},"content":{"rendered":"<div class=\"postie-post\">\n<div>\n<hr>\n<table id=\"section\">\n<tbody>\n<tr>\n<th width=\"95%\">MC791462 | TLS server authentication: Deprecation of weak RSA certificates<\/th>\n<\/tr>\n<\/tbody>\n<\/table>\n<hr>\n<table id=\"data\">\n<tbody>\n<tr>\n<th>Classification<\/th>\n<td>stayInformed<\/td>\n<\/tr>\n<tr>\n<th>Last Updated<\/th>\n<td>05\/09\/2024 17:01:33<\/td>\n<\/tr>\n<tr>\n<th>Start Time<\/th>\n<td>05\/09\/2024 17:01:27<\/td>\n<\/tr>\n<tr>\n<th>End Time<\/th>\n<td>05\/09\/2025 17:01:27<\/td>\n<\/tr>\n<tr>\n<th>Message Content<\/th>\n<td>\n<div>Weak RSA key lengths for certificates will be deprecated on future Windows OS releases later this year. We recommend you use a stronger solution of at least 2048 bits length or an ECDSA certificate, if possible. Support for the RSA algorithm itself won\u2019t   be affected. Find details and recommended next steps in <a href=\"https:\/\/aka.ms\/DeprecationOfWeakRSACerts\" rel=\"noopener noreferrer\" target=\"_blank\">  TLS server authentication: Deprecation of weak RSA certificates<\/a>.&nbsp;<\/div>\n<div>&nbsp;<\/div>\n<div><b>When will this happen:<\/b><\/div>\n<ul>\n<li>2012: Our first <a href=\"https:\/\/learn.microsoft.com\/security-updates\/SecurityAdvisories\/2012\/2661254\" rel=\"noopener noreferrer\" target=\"_blank\">  advisory<\/a> encourages moving away from keys shorter than 1024 bits.&nbsp;<\/li>\n<li>2013: The National Institute of Science and Technology (NIST) recommends discontinuing the use of 1024-bit RSA keys.&nbsp;&nbsp;<\/li>\n<li>2016: You\u2019ve been able to follow our <a href=\"https:\/\/learn.microsoft.com\/previous-versions\/windows\/it-pro\/windows-server-2012-R2-and-2012\/hh831574(v=ws.11)\" rel=\"noopener noreferrer\" target=\"_blank\">  Certification Authority Guidance<\/a> to start implementing longer keys, among other measures.&nbsp;&nbsp;<\/li>\n<li>April 2024: The new recommended standard is available to those in the Windows Insider Program.&nbsp;<\/li>\n<li>Late 2024: 1024-bit RSA keys will be deprecated to further align with the latest internet standards and regulatory bodies.&nbsp;<\/li>\n<\/ul>\n<div>&nbsp;<\/div>\n<div><b>How this will affect your organization:<\/b>&nbsp;<\/div>\n<div>So far, you\u2019ve been able to use 1024 bits as the shortest key length for RSA encryption. However, 1024-bit key lengths today provide insufficient security given the advancement of computing power and cryptanalysis techniques. Therefore, they will be discontinued   in the last quarter of this calendar year.&nbsp;<\/div>\n<div>&nbsp;<\/div>\n<div><b>What you need to do to prepare:<\/b>&nbsp;<\/div>\n<div>In the next few months, try one of these two solutions:<\/div>\n<ul>\n<li>Switch to new TLS server authentication certificates with RSA key lengths of 2048 bits or higher for all your applications or services.&nbsp;<\/li>\n<li>Switch to smaller and faster ECDSA certificates.&nbsp;<\/li>\n<\/ul>\n<div>  <\/div>\n<div>See Additional information for more details.&nbsp;<\/div>\n<div>&nbsp;<\/div>\n<div><b>Additional information:<\/b>&nbsp;<\/div>\n<ul>\n<li><a href=\"https:\/\/aka.ms\/DeprecationOfWeakRSACerts\" rel=\"noopener noreferrer\" target=\"_blank\">TLS server authentication: Deprecation of weak RSA certificates<\/a>&nbsp;<\/li>\n<li><a href=\"https:\/\/learn.microsoft.com\/windows\/whats-new\/deprecated-features\" rel=\"noopener noreferrer\" target=\"_blank\">Deprecated features in the Windows client<\/a>&nbsp;<\/li>\n<li><a href=\"https:\/\/learn.microsoft.com\/windows\/win32\/secauthn\/cipher-suites-in-schannel\" rel=\"noopener noreferrer\" target=\"_blank\">Cipher Suites in TLS\/SSL (Schannel SSP)<\/a><\/li>\n<\/ul>\n<\/td>\n<\/tr>\n<tr>\n<th>Machine Translation<\/th>\n<td>\n<div>\u8a3c\u660e\u66f8\u306e\u5f31\u3044 RSA \u30ad\u30fc\u306e\u9577\u3055\u306f\u3001\u4eca\u5e74\u5f8c\u534a\u306e\u4eca\u5f8c\u306e Windows OS \u30ea\u30ea\u30fc\u30b9\u3067\u975e\u63a8\u5968\u306b\u306a\u308a\u307e\u3059\u3002\u53ef\u80fd\u3067\u3042\u308c\u3070\u3001\u5c11\u306a\u304f\u3068\u3082 2048 \u30d3\u30c3\u30c8\u9577\u306e\u3088\u308a\u5f37\u529b\u306a\u30bd\u30ea\u30e5\u30fc\u30b7\u30e7\u30f3\u307e\u305f\u306f ECDSA \u8a3c\u660e\u66f8\u3092\u4f7f\u7528\u3059\u308b\u3053\u3068\u3092\u304a\u52e7\u3081\u3057\u307e\u3059\u3002RSA \u30a2\u30eb\u30b4\u30ea\u30ba\u30e0\u81ea\u4f53\u306e\u30b5\u30dd\u30fc\u30c8\u306f\u5f71\u97ff\u3092\u53d7\u3051\u307e\u305b\u3093\u3002\u8a73\u7d30\u3068\u63a8\u5968\u3055\u308c\u308b\u6b21\u306e\u30b9\u30c6\u30c3\u30d7\u306b\u3064\u3044\u3066\u306f\u3001\u300c  <a href=\"https:\/\/aka.ms\/DeprecationOfWeakRSACerts\" rel=\"noopener noreferrer\" target=\"_blank\">  TLS \u30b5\u30fc\u30d0\u30fc\u8a8d\u8a3c: \u8106\u5f31\u306a RSA \u8a3c\u660e\u66f8\u306e\u5ec3\u6b62<\/a>\u300d\u3092\u53c2\u7167\u3057\u3066\u304f\u3060\u3055\u3044\u3002&nbsp;<\/div>\n<div>&nbsp;<\/div>\n<div><b>\u3053\u308c\u306f\u3044\u3064\u767a\u751f\u3057\u307e\u3059\u304b:<\/b><\/div>\n<ul>\n<li>2012 \u5e74: \u6700\u521d\u306e <a href=\"https:\/\/learn.microsoft.com\/security-updates\/SecurityAdvisories\/2012\/2661254\" rel=\"noopener noreferrer\" target=\"_blank\">  \u30a2\u30c9\u30d0\u30a4\u30b6\u30ea<\/a> \u3067\u306f\u30011024 \u30d3\u30c3\u30c8\u3088\u308a\u77ed\u3044\u30ad\u30fc\u304b\u3089\u96e2\u308c\u308b\u3053\u3068\u3092\u63a8\u5968\u3057\u3066\u3044\u307e\u3059\u3002&nbsp;<\/li>\n<li>2013\u5e74:\u56fd\u7acb\u79d1\u5b66\u6280\u8853\u7814\u7a76\u6240(NIST)\u306f\u30011024\u30d3\u30c3\u30c8RSA\u30ad\u30fc\u306e\u4f7f\u7528\u3092\u4e2d\u6b62\u3059\u308b\u3053\u3068\u3092\u63a8\u5968\u3057\u3066\u3044\u307e\u3059\u3002&nbsp;&nbsp;<\/li>\n<li>2016 \u5e74: \u8a3c\u660e <a href=\"https:\/\/learn.microsoft.com\/previous-versions\/windows\/it-pro\/windows-server-2012-R2-and-2012\/hh831574(v=ws.11)\" rel=\"noopener noreferrer\" target=\"_blank\">  \u6a5f\u95a2\u306e\u30ac\u30a4\u30c0\u30f3\u30b9<\/a> \u306b\u5f93\u3063\u3066\u3001\u3088\u308a\u9577\u3044\u30ad\u30fc\u306e\u5b9f\u88c5\u3092\u958b\u59cb\u3059\u308b\u3053\u3068\u304c\u3067\u304d\u307e\u3057\u305f\u3002&nbsp;&nbsp;<\/li>\n<li>2024 \u5e74 4 \u6708: Windows Insider Program \u306e\u30e6\u30fc\u30b6\u30fc\u304c\u65b0\u3057\u3044\u63a8\u5968\u6a19\u6e96\u3092\u5229\u7528\u3067\u304d\u307e\u3059\u3002&nbsp;<\/li>\n<li>2024 \u5e74\u5f8c\u534a: 1024 \u30d3\u30c3\u30c8\u306e RSA \u30ad\u30fc\u306f\u3001\u6700\u65b0\u306e\u30a4\u30f3\u30bf\u30fc\u30cd\u30c3\u30c8\u6a19\u6e96\u3068\u898f\u5236\u6a5f\u95a2\u3068\u306e\u6574\u5408\u6027\u3092\u3055\u3089\u306b\u9ad8\u3081\u308b\u305f\u3081\u306b\u5ec3\u6b62\u3055\u308c\u307e\u3059\u3002&nbsp;<\/li>\n<\/ul>\n<div>&nbsp;<\/div>\n<div><b>\u3053\u308c\u304c\u7d44\u7e54\u306b\u53ca\u307c\u3059\u5f71\u97ff:<\/b>&nbsp;<\/div>\n<div>\u3053\u3053\u307e\u3067\u306f\u3001RSA \u6697\u53f7\u5316\u306e\u6700\u77ed\u30ad\u30fc\u9577\u3068\u3057\u3066 1024 \u30d3\u30c3\u30c8\u3092\u4f7f\u7528\u3059\u308b\u3053\u3068\u304c\u3067\u304d\u307e\u3057\u305f\u3002\u3057\u304b\u3057\u3001\u4eca\u65e5\u306e 1024 \u30d3\u30c3\u30c8\u306e\u9375\u9577\u306f\u3001\u8a08\u7b97\u80fd\u529b\u3068\u6697\u53f7\u89e3\u8aad\u6280\u8853\u306e\u9032\u6b69\u3092\u8003\u3048\u308b\u3068\u3001\u4e0d\u5341\u5206\u306a\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u3092\u63d0\u4f9b\u3057\u307e\u3059\u3002\u3057\u305f\u304c\u3063\u3066\u3001\u4eca\u5e74\u306e\u6700\u7d42\u56db\u534a\u671f\u306b\u5ec3\u6b62\u3055\u308c\u307e\u3059\u3002&nbsp;<\/div>\n<div>&nbsp;<\/div>\n<div><b>\u6e96\u5099\u306b\u5fc5\u8981\u306a\u3053\u3068:<\/b>&nbsp;<\/div>\n<div>\u4eca\u5f8c\u6570\u304b\u6708\u4ee5\u5185\u306b\u3001\u6b21\u306e 2 \u3064\u306e\u89e3\u6c7a\u7b56\u306e\u3044\u305a\u308c\u304b\u3092\u8a66\u3057\u3066\u304f\u3060\u3055\u3044\u3002<\/div>\n<ul>\n<li>\u3059\u3079\u3066\u306e\u30a2\u30d7\u30ea\u30b1\u30fc\u30b7\u30e7\u30f3\u307e\u305f\u306f\u30b5\u30fc\u30d3\u30b9\u306b\u3064\u3044\u3066\u3001RSA \u30ad\u30fc\u9577\u304c 2048 \u30d3\u30c3\u30c8\u4ee5\u4e0a\u306e\u65b0\u3057\u3044 TLS \u30b5\u30fc\u30d0\u30fc\u8a8d\u8a3c\u8a3c\u660e\u66f8\u306b\u5207\u308a\u66ff\u3048\u307e\u3059\u3002&nbsp;<\/li>\n<li>\u3088\u308a\u5c0f\u3055\u304f\u3001\u3088\u308a\u9ad8\u901f\u306aECDSA\u8a3c\u660e\u66f8\u306b\u5207\u308a\u66ff\u3048\u307e\u3059\u3002&nbsp;<\/li>\n<\/ul>\n<div>  <\/div>\n<div>\u8a73\u7d30\u306b\u3064\u3044\u3066\u306f\u3001\u300c\u8ffd\u52a0\u60c5\u5831\u300d\u3092\u53c2\u7167\u3057\u3066\u304f\u3060\u3055\u3044\u3002&nbsp;<\/div>\n<div>&nbsp;<\/div>\n<div><b>\u8ffd\u52a0\u60c5\u5831:<\/b>&nbsp;<\/div>\n<ul>\n<li><a href=\"https:\/\/aka.ms\/DeprecationOfWeakRSACerts\" rel=\"noopener noreferrer\" target=\"_blank\">TLS \u30b5\u30fc\u30d0\u30fc\u8a8d\u8a3c: \u8106\u5f31\u306a RSA \u8a3c\u660e\u66f8<\/a>&nbsp;\u306e\u5ec3\u6b62<\/li>\n<li>Windows \u30af\u30e9\u30a4\u30a2\u30f3\u30c8&nbsp;<a href=\"https:\/\/learn.microsoft.com\/windows\/whats-new\/deprecated-features\" rel=\"noopener noreferrer\" target=\"_blank\">\u3067\u975e\u63a8\u5968\u306b\u306a\u3063\u305f\u6a5f\u80fd<\/a><\/li>\n<li><a href=\"https:\/\/learn.microsoft.com\/windows\/win32\/secauthn\/cipher-suites-in-schannel\" rel=\"noopener noreferrer\" target=\"_blank\">TLS\/SSL \u306e\u6697\u53f7\u30b9\u30a4\u30fc\u30c8 (Schannel SSP)<\/a><\/li>\n<\/ul>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table><\/div>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>MC791462 | TLS server authentication: Deprecation of weak RSA certificates Classification stayInformed Last Up [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-6391","post","type-post","status-publish","format-standard","hentry","category-uncategorized"],"_links":{"self":[{"href":"https:\/\/m365jp.net\/index.php\/wp-json\/wp\/v2\/posts\/6391","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/m365jp.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/m365jp.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/m365jp.net\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/m365jp.net\/index.php\/wp-json\/wp\/v2\/comments?post=6391"}],"version-history":[{"count":0,"href":"https:\/\/m365jp.net\/index.php\/wp-json\/wp\/v2\/posts\/6391\/revisions"}],"wp:attachment":[{"href":"https:\/\/m365jp.net\/index.php\/wp-json\/wp\/v2\/media?parent=6391"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/m365jp.net\/index.php\/wp-json\/wp\/v2\/categories?post=6391"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/m365jp.net\/index.php\/wp-json\/wp\/v2\/tags?post=6391"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}