Schannel contains four specific security protocols that provide identity authentication and private communication between a client and a server, and automatically chooses the best protocol depending on the capabilities of the client and server. The protocols include TLS 1.1 and 1.2, and SSL 2.0 and 3.0.
To create a secure connection, both the client and server need to obtain Schannel credentials (X.509 certificates) and then create a security session. Once the connection is established, information about the attributes of the credential and its context is available. If a connection is lost, it can be renegotiated by requesting a redo. Before shutting down the connection, both client and server need to perform a cleanup and then delete the connection.
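The lifecycle described above, as an added example that is not from the original page: it uses .NET's SslStream (backed by Schannel on Windows) instead of calling the SSPI functions directly, over a loopback socket so it runs offline. The host name `schannel-demo.invalid`, the short-lived self-signed certificate and the TLS 1.2-only setting are constructed assumptions; only the server presents a certificate, and renegotiation is not shown.

```powershell
# Constructed loopback demo: server and client both live in this one process.
$proto  = [System.Security.Authentication.SslProtocols]::Tls12   # refuse older protocols
$cert   = New-SelfSignedCertificate -DnsName 'schannel-demo.invalid' `
            -CertStoreLocation 'Cert:\CurrentUser\My' -NotAfter (Get-Date).AddHours(1)
$pinned = $cert.GetCertHashString()
$listener = [System.Net.Sockets.TcpListener]::new([System.Net.IPAddress]::Loopback, 0)
$listener.Start()
try {
    $clientTcp = [System.Net.Sockets.TcpClient]::new()
    $clientTcp.Connect([System.Net.IPAddress]::Loopback, $listener.LocalEndpoint.Port)
    $serverTcp = $listener.AcceptTcpClient()

    # Server: the credential is the X.509 certificate; begin the handshake.
    $serverTls  = [System.Net.Security.SslStream]::new($serverTcp.GetStream(), $false)
    $serverTask = $serverTls.AuthenticateAsServerAsync($cert, $false, $proto, $false)

    # Client: accept only the pinned demo certificate; any other peer fails.
    $validate = [System.Net.Security.RemoteCertificateValidationCallback] {
        param($s, $peer, $chain, $errors)
        $peer.GetCertHashString() -eq $pinned
    }
    $clientTls = [System.Net.Security.SslStream]::new($clientTcp.GetStream(), $false, $validate)
    $clientTls.AuthenticateAsClient('schannel-demo.invalid', $null, $proto, $false)
    $serverTask.Wait()

    # Connection established: attributes of the credential and context.
    [pscustomobject]@{
        Protocol    = $clientTls.SslProtocol
        Cipher      = $clientTls.CipherAlgorithm
        KeyBits     = $clientTls.CipherStrength
        Encrypted   = $clientTls.IsEncrypted
        PeerSubject = $clientTls.RemoteCertificate.Subject
    }
}
finally {
    # Cleanup on both sides, then remove the demo certificate and its key.
    foreach ($o in $clientTls, $serverTls, $clientTcp, $serverTcp) {
        if ($o) { $o.Close() }
    }
    $listener.Stop()
    Remove-Item -Path "Cert:\CurrentUser\My\$($cert.Thumbprint)" -DeleteKey
}
```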
In 2014, a serious Schannel vulnerability called WinShock was discovered. WinShock enables attackers to exploit a vulnerable system by sending specially crafted packets. It was rated 10.0, the maximum level of severity, according to the Common Vulnerability Scoring System. Windows released a patch for the flaw as part of its November 2014 Patch Tuesday cycle.