Copyright 2024, Alexander Hass https://www.hass.de/content/setup-microsoft-windows-or-iis-ssl-perfect-forward-secrecy-and-tls-12 # CHANGELOG.txt ## Branch 4.x - TLS 1.2 and TLS 1.3 ### Version 4.0.1 * Disable TLS 1.3 in Windows 10/2016/2019 as this is causing unexpected malfunctions. * Added Intel EMA server support for users who need AMT v12 support. Uncomment code line to enable. This is a workaround for an Intel BUG. Intel AMT documentation is incorrect as of today. ### Version 4.0 * Added TLS 1.3 support * Added Windows 2022 compatibility. * Remove warnings shown in Exchange HealthChecker, https://microsoft.github.io/CSS-Exchange/Diagnostics/HealthChecker/ *** ## Branch 3.x - TLS 1.2 only ### Version 3.0.2 * Remove warnings shown in Exchange HealthChecker, https://microsoft.github.io/CSS-Exchange/Diagnostics/HealthChecker/ ### Version 3.0.1 * Added Windows 2019 compatibility. ### Version 3.0.0 * Released 3.0.0-beta4 as final. No changes. ### Version 3.0.0-beta4 * Added AEAD ciphers back for Windows 2012R2 and older. ### Version 3.0.0-beta3 * Fixed outdated project URL. * Fixed documentation. ### Version 3.0.0-beta2 * Last item in $cipherSuitesOrder had comma attached and caused script failure. *** ## Branch 2.x - TLS 1.1 and TLS 1.2 ### Version 2.0.2 * Remove warnings shown in Exchange HealthChecker, https://microsoft.github.io/CSS-Exchange/Diagnostics/HealthChecker/ ### Version 2.0.1 * Added Windows 2019 compatibility. ### Version 2.0.0 * Configure protocols for Internet Explorer. * Added SchUseStrongCrypto registry key to increase security for older .NET versions. ### Version 1.12 * Fixed version compare on winhttp.dll and webio.dll. No security or other changes. ### Version 1.11 * Disabled 3DES to get rid of all ciphers with less than 128bit encryption strength. ### Version 1.10 * Created PCI DSS 3.1 compatible version. *** ## Branch 1.x - TLS 1.0, TLS 1.1 and TLS 1.2 ### Version 1.9.3 * Remove warnings shown in Exchange HealthChecker, https://microsoft.github.io/CSS-Exchange/Diagnostics/HealthChecker/ ### Version 1.9.2 * Added Windows 2019 compatibility. ### Version 1.9.1 * Configure protocols for Internet Explorer. * Added SchUseStrongCrypto registry key to increase security for older .NET versions. * Fixed version compare on winhttp.dll and webio.dll. No security or other changes. ### Version 1.9 * Enabled TLS 1.1 and TLS 1.2 for WinHttp client connections. * Hardening .NET 3.5 + 4.x client connections. * Hardening Diffie-Hellman Key Exchange. ### Version 1.8 * Windows 2016 powershell 5.1.14393.1532 requires 'else' statements in the same line after to the closing 'if' curly quote. ### Version 1.7 * Windows Version compare failed. Get-CimInstance requires Windows 2012 or later. ### Version 1.6 * OS version detection for cipher suites order. ### Version 1.5 * Enabled ECDH and more secure hash functions and reorderd cipher list. * Added Client setting for all ciphers. ### Version 1.4 * RC4 has been disabled. ### Version 1.3 * MD5 has been disabled. ### Version 1.2 * Re-factored code style and output ### Version 1.1 * SSLv3 has been disabled. (Poodle attack protection)