TLS/SSL 概述(Schannel SSP)TLS/SSL overview (Schannel SSP)

适用于:Windows Server(半年频道)、Windows Server 2016、Windows 10Applies To: Windows Server (Semi-Annual Channel), Windows Server 2016, Windows 10

适用于 IT 专业人员的本主题介绍了使用 Schannel 安全服务提供程序(SSP)在 Windows 中实现的 TLS 和 SSL 实现,具体方法是:描述实际应用程序、Microsoft 实现中的更改和软件要求,以及 Windows Server 2012 和 Windows 8 的其他资源。This topic for the IT professional introduces the TLS and SSL implementations in Windows using the Schannel Security Service Provider (SSP) by describing practical applications, changes in Microsoft's implementation, and software requirements, plus additional resources for Windows Server 2012 and Windows 8.


Schannel 是安全支持提供程序 (SSP),可实现安全套接字层 (SSL) 和传输层安全 (TLS) Internet 标准身份验证协议。Schannel is a Security Support Provider (SSP) that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) Internet standard authentication protocols.

安全支持提供程序接口 (SSPI) 是 Windows 系统用于执行安全相关功能(包括身份验证)的 API。The Security Support Provider Interface (SSPI) is an API used by Windows systems to perform security-related functions including authentication. SSPI 充当多个 Ssp (包括 Schannel SSP)的通用接口。The SSPI functions as a common interface to several SSPs, including the Schannel SSP.

TLS 版本1.0、1.1 和1.2、SSL 版本2.0 和3.0、数据报传输层安全 ( DTLS ) 协议版本1.0 以及专用通信传输 ( PCT ) 协议基于公钥加密。TLS versions 1.0, 1.1, and 1.2, SSL versions 2.0 and 3.0, as well as the Datagram Transport Layer Security (DTLS) protocol version 1.0, and the Private Communications Transport (PCT) protocol are based on public key cryptography. Schannel 身份验证协议套件提供这些协议。The Schannel authentication protocol suite provides these protocols. 所有 Schannel 协议均使用客户端/服务器模型。All Schannel protocols use a client/server model.


管理网络时存在一个问题:需要保护跨不可信网络在应用程序之间发送的数据。One problem when you administer a network is securing data that is being sent between applications across an untrusted network. 你可以使用 TLS 和 SSL 对服务器和客户端计算机进行身份验证,然后使用协议对经过身份验证的参与方之间的消息进行加密。You can use TLS and SSL to authenticate servers and client computers and then use the protocol to encrypt messages between the authenticated parties.

例如,你可以将 TLS/SSL 用于:For example, you can use TLS/SSL for:

  • 电子商务网站受 SSL 保护的交易SSL-secured transactions with an e-commerce website
  • 对受 SSL 保护的网站的经身份验证的客户端访问Authenticated client access to an SSL-secured website
  • 远程访问Remote access
  • SQL 访问SQL access
  • 电子邮件E-mail


TLS 和 SSL 协议使用客户端/服务器模型,且基于需要公钥基础结构的证书身份验证。TLS and SSL protocols use a client/server model and are based on certificate authentication, which requires a public key infrastructure.

服务器管理器信息Server Manager information

无需执行任何配置步骤即可实现 TLS、SSL 或 Schannel。There are no configuration steps necessary to implement TLS, SSL or Schannel.

其他参考Additional References