Introducing Token Binding
Applies to: Windows Server 2022, Windows Server 2019, Windows Server 2016 and Windows 10
The Token Binding protocol allows applications and services to cryptographically bind their security tokens to the TLS layer to mitigate token theft and replay attacks. The long-lived, uniquely identifiable TLS [RFC5246] bindings can span multiple TLS sessions and connections.
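The binding check described above, sketched as an added example (not Microsoft's implementation or code from this page): a server pins a hash of the client's Token Binding ID into the token it issues and rejects the token when it arrives over a connection presenting a different ID. The `tbh` field name, the HMAC token format, `SERVER_KEY` and the sample IDs are assumptions, and the TLS-layer step in which the client proves possession of its private key is taken as already done.

```python
import base64
import hashlib
import hmac
import json

SERVER_KEY = b"constructed-demo-key"  # constructed sample; use a random secret in practice

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def binding_hash(token_binding_id: bytes) -> str:
    # base64url(SHA-256(Token Binding ID)): the value pinned inside the token.
    return _b64(hashlib.sha256(token_binding_id).digest())

def issue_token(user: str, token_binding_id: bytes) -> str:
    # "tbh" is an assumed field name for the pinned binding hash.
    payload = json.dumps({"sub": user, "tbh": binding_hash(token_binding_id)},
                         sort_keys=True).encode()
    tag = hmac.new(SERVER_KEY, payload, hashlib.sha256).digest()
    return _b64(payload) + "." + _b64(tag)

def verify_token(token: str, presented_id: bytes):
    # Returns the user only if the token is authentic AND bound to presented_id.
    try:
        payload_b64, tag_b64 = token.split(".")
        payload, tag = _unb64(payload_b64), _unb64(tag_b64)
    except ValueError:
        return None  # malformed token
    expected = hmac.new(SERVER_KEY, payload, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None  # forged or modified token
    claims = json.loads(payload)
    if not hmac.compare_digest(claims.get("tbh", ""), binding_hash(presented_id)):
        return None  # token replayed over a connection with a different key
    return claims["sub"]

if __name__ == "__main__":
    client_id = b"\x02" + b"A" * 64    # constructed stand-in for a Token Binding ID
    attacker_id = b"\x02" + b"B" * 64  # constructed: a different client key
    token = issue_token("alice", client_id)
    print(verify_token(token, client_id))    # same binding: accepted
    print(verify_token(token, attacker_id))  # stolen token, other binding: rejected
```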
- Windows 10, version 1507 – Off by default
- Windows 10, versions 1511 and 1607, and Windows Server 2016 – On by default
- Windows 10, version 1507 with servicing update KB4034668, Windows 10, version 1511 with servicing update KB4034660, Windows 10, version 1607 and Windows Server 2016 with servicing update KB4034658 support Token Binding Protocol version 0.10 – On by default
- Windows 10, version 1703 supports Token Binding Protocol version 0.10 – On by default
- Token Binding Protocol updated [draft-ietf-tokbind-protocol-10]
- TLS extension for token binding negotiation added [draft-ietf-tokbind-negotiation-05]
- WinInet & HTTP.SYS support of token binding over HTTP updated [draft-ietf-tokbind-https-06]
- Windows devices with Virtualization-based security enabled will keep the token binding keys in a protected environment that is isolated from the running operating system
Information about ASP.NET support can be found at the .NET Framework Reference Source.
For information about .NET Framework, see the following topics: