Microsoft Schannel (Microsoft Secure Channel)

Microsoft Secure Channel, or Schannel, is a security package that facilitates the use of Secure Sockets Layer (SSL) and/or Transport Layer Security (TLS) encryption on Windows platforms.

Schannel contains four specific security protocols that provide identity authentication and private communication between a client and a server, and automatically chooses the best protocol depending on the capabilities of the client and server. The protocols include TLS 1.1 and 1.2, and SSL 2.0 and 3.0.
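Because Schannel picks the protocol automatically, it helps to know which of the versions listed above a given machine will actually offer. The following PowerShell is an added example, not code from Microsoft or from this page; the function name `Get-SchannelProtocolState` is hypothetical, and it assumes the standard Schannel protocol settings under `HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols`.

```powershell
# Added example: report how each protocol named in the text is configured
# for Schannel on the local machine. Read-only; changes nothing.
# Get-SchannelProtocolState is a hypothetical function name.
function Get-SchannelProtocolState {
    param(
        [string[]]$Protocol = @('SSL 2.0', 'SSL 3.0', 'TLS 1.1', 'TLS 1.2')
    )
    $base = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols'
    foreach ($name in $Protocol) {
        foreach ($role in 'Client', 'Server') {
            $key = Join-Path (Join-Path $base $name) $role
            $enabled = $null
            $disabledByDefault = $null
            if (Test-Path -LiteralPath $key) {
                $props = Get-ItemProperty -LiteralPath $key
                # Either value may be missing even when the key exists.
                if ($null -ne $props.Enabled) { $enabled = [bool]$props.Enabled }
                if ($null -ne $props.DisabledByDefault) {
                    $disabledByDefault = [bool]$props.DisabledByDefault
                }
            }
            # No Enabled value means the Windows version's built-in default applies.
            if ($null -eq $enabled) {
                $state = 'OS default (not set)'
            } elseif ($enabled) {
                $state = 'Explicitly enabled'
            } else {
                $state = 'Explicitly disabled'
            }
            [pscustomobject]@{
                Protocol          = $name
                Role              = $role
                State             = $state
                DisabledByDefault = $disabledByDefault
                # SSL 2.0 and 3.0 are deprecated: flag them unless explicitly disabled.
                Review            = ($name -like 'SSL*') -and ($enabled -ne $false)
            }
        }
    }
}

Get-SchannelProtocolState | Format-Table -AutoSize
```

A row with `State` of `OS default (not set)` means the behaviour depends on the Windows release, so rows with `Review` set to `True` should be checked against that release's defaults.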

To create a secure connection, both the client and server need to obtain Schannel credentials (X.509 certificates) and then create a security session. Once the connection is established, information about the attributes of the credential and its context is available. If a connection is lost, it can be renegotiated by requesting a redo. Before shutting down the connection, both client and server need to perform a cleanup and then delete the connection.

In 2014, a serious Schannel vulnerability called WinShock was discovered. WinShock enables attackers to exploit a vulnerable system by sending specially crafted packets. It was rated 10.0, the maximum level of severity, according to the Common Vulnerability Scoring System. Windows released a patch for the flaw as part of its November 2014 Patch Tuesday cycle.

This was last updated in April 2015
