Windows 11 24H2 and Windows Server 2025 has Kerb3961

Posted on 2025-06-23 by guenni

Windows[German]Brief note for administrators of clients with Windows 11 24H2.clients and Windows Server 2025 hosts. Microsoft has integrated the Kerb3961 library into these operating systems. This is a refactoring of the Kerberos cryptography engine in a separate library and shall improve the etype handling in networks.

Advertising

The name is derived from the Kerberos network protocol and the standard RFC3961. The library is intended to simplify the use of encryption types (etypes) within Kerberos network protocol. This is because in earlier versions of Windows, due to technical limitations at the time of implementation, there were cases where the use of etypes was hard-coded. The Kerb3961 policy engine bindingly determines which etypes are available in the various Kerberos key usage scenarios.

Kerb3961

The above tweet indicates that Microsoft published a tech community article entitled What's the deal with Kerb3961? at the beginning of June 2025. There, Microsoft explains what administrators need to know about Kerb3961 under the operating systems mentioned.

Advertising
This entry was posted in Security, Software, Windows and tagged , , , . Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *

Note: Please note the rules for commenting on the blog (first comments and linked posts end up in moderation, I release them every few hours, I rigorously delete SEO posts/SPAM).