tag / windows
02 essays
- The Schannel Registry Trap · 9 min
Windows TLS configuration is split across a registry tree, a per-process .NET override, and a runtime cache. Each layer reports the truth about itself and lies about the others. A short field note on how teams convince themselves a domain controller is hardened when it isn't.
- LDAPS Channel Binding and the Long Deprecation · 6 min
Microsoft has been moving LDAP channel binding from 'available' to 'required' for nearly seven years. The enforcement timeline keeps slipping because the third-party tail is large and quiet. A short note on what the registry key actually does, how to find the appliances that will break, and what to do before the DC stops accepting them.