The following new features are introduced in Message Queuing 5.0, released with this version of Windows:
Ability to Handle a Large Number of Queues
Message Queuing 5.0 provides functionality to handle a significantly larger number of queues. Although Message Queuing 4.0 did not impose a specific limit on the number of queues that could be created, performance was negatively impacted if there were several thousand queues. Specifically, start up time of the Message Queuing services was greatly increased when loading queues into memory because of the queue lookup algorithm. The queue lookup algorithm used by Message Queuing at start up has been optimized for Windows® 7 and dramatically increases start up performance of Message Queuing when a very large number of queues are hosted on the system.
More Secure Authentication Algorithm
Message Queuing 5.0 supports Secure Hash Algorithm 2.0 (SHA2) and all advanced hash algorithms that are supported in this version of Windows. The default is SHA-2 with a 512-bit digest length. Support for algorithms such as SHA1, Message Digest version 2 (MD2), MD4, MD5, and Message Authentication Code (MAC) has been disabled by default in Message Queuing 5.0 because these algorithms are considered less secure. To enable support for weaker algorithms, follow the steps below:
Enabling Support for Weaker Hash Algorithms
Weaker algorithms can be enabled to support any Message Queuing applications that require them by adding the WeakHashAlgorithms registry key. If this registry key is not present, as is the case by default, then all weaker algorithms are disabled. If the registry key is present, then all weaker algorithms are enabled. To enable only certain weak algorithms, you must add the registry key and specify the values of those weaker algorithms that you want to continue to disable.
Caution: Incorrectly editing the registry may severely damage your system. Before making changes to the registry, you should back up any valued data on the computer.
To configure support for weaker authentication algorithms
- Click Start, and in Start Search, type regedit, and then press ENTER.
- Navigate to the following registry subkey:
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSMQ\Parameters\Security
- On the Edit menu, point to New, and then click Key.
- Type WeakHashAlgorithms as the name of the new registry key, and then press ENTER.
  Note: Adding this key enables support for all weaker authentication algorithms.
- Right-click WeakHashAlgorithms, point to New, click DWORD (32-bit) Value, and then type any name for the new value.
- Double-click the new DWORD (32-bit) Value, click Decimal, and then in Value data, type the appropriate value for the algorithm you want to disable:
  - 32769 for MD2
  - 32770 for MD4
  - 32771 for MD5
  - 32773 for MAC
  - 32772 for SHA1
- Click OK to close the Edit DWORD (32-bit) Value dialog box.
- Create new DWORD (32-bit) values for additional algorithms that you want to also disable.
- On the File menu, click Exit to close Registry Editor.
- Restart the Message Queuing service to enact the registry change.
To support an algorithm again, re-edit the registry and remove the respective value for that algorithm.
If the Message Queuing application is run on this version of Windows and chooses a weaker authentication algorithm, Message Queuing will override the choice and use SHA2 instead, by default.
Enabling Support for Sending Authenticated Messages to MSMQ 1 and MSMQ 2 Clients
When sending messages to an MSMQ 1 or 2 client, authenticated messages will be rejected because MSMQ 1 and 2 do not provide support for SHA-2 authentication. Enable support for sending messages to MSMQ 1 and 2 clients by adding the DefaultHashAlgorithm registry key.
- If this registry key is not present, as is the case by default, then messages will be authenticated using SHA-2.
- If the registry key is present, then messages will be authenticated with the specified algorithm.
To enable certain weaker algorithms, you must add the registry key and specify the value of the weaker algorithm that you want to enable.
Caution: Incorrectly editing the registry may severely damage your system. Before making changes to the registry, you should back up any valued data on the computer.
To configure support for sending messages using a weaker authentication algorithm
- Click Start, and in Start Search, type regedit, and then press ENTER.
- Navigate to the following registry subkey:
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSMQ\Parameters\Security
- On the Edit menu, point to New, and then click Key.
- Type DefaultHashAlgorithm as the name of the new registry key, and then press ENTER.
  Note: Adding this key enables support for sending messages using certain weaker authentication algorithms.
- Right-click DefaultHashAlgorithm, point to New, click DWORD (32-bit) Value, and then type any name for the new value.
- Double-click the new DWORD (32-bit) Value, click Decimal, and then in Value data, type the appropriate value for the algorithm you want to enable:
  - 32769 for MD2
  - 32770 for MD4
  - 32771 for MD5
  - 32773 for MAC
  - 32772 for SHA1
- Click OK to close the Edit DWORD (32-bit) Value dialog box.
- On the File menu, click Exit to close Registry Editor.
- Restart the Message Queuing service to enact the registry change.
To disable support for an algorithm again, re-edit the registry and remove the respective value for that algorithm.
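A read-only audit of both settings described above (WeakHashAlgorithms and DefaultHashAlgorithm), reporting which weak algorithms a host accepts and what it uses for outgoing authenticated messages. This is an added example, not Microsoft's code: the function names Get-DwordData and Get-MsmqHashPolicy are hypothetical, and it assumes PowerShell is run on the computer that hosts Message Queuing.

```powershell
# Added audit example (read-only); semantics follow the two procedures on this page.
$Security = 'HKLM:\SOFTWARE\Microsoft\MSMQ\Parameters\Security'
# Decimal identifiers exactly as listed in the procedures above.
$WeakAlgs = @{ 32769 = 'MD2'; 32770 = 'MD4'; 32771 = 'MD5'; 32772 = 'SHA1'; 32773 = 'MAC' }

function Get-DwordData([string]$Path) {
    # Value names are arbitrary ("type any name"), so collect the data of every DWORD.
    $key = Get-Item -LiteralPath $Path
    foreach ($name in $key.GetValueNames()) {
        if ($key.GetValueKind($name) -eq 'DWord') { [int]$key.GetValue($name) }
    }
}

function Get-MsmqHashPolicy {
    $weakKey    = Join-Path $Security 'WeakHashAlgorithms'
    $defaultKey = Join-Path $Security 'DefaultHashAlgorithm'

    # Key absent: every weak algorithm is disabled. Key present: every weak
    # algorithm is enabled except those whose identifier is stored under it.
    $weakPresent = Test-Path -LiteralPath $weakKey
    $disabled = @(if ($weakPresent) { Get-DwordData $weakKey })
    $accepted = @(foreach ($id in ($WeakAlgs.Keys | Sort-Object)) {
        if ($weakPresent -and $disabled -notcontains $id) { $WeakAlgs[$id] }
    })

    # Key absent: outgoing messages are authenticated with SHA-2.
    # Assumption: a key with no DWORD values is reported as "no algorithm specified".
    $defaultPresent = Test-Path -LiteralPath $defaultKey
    $sendIds = @(if ($defaultPresent) { Get-DwordData $defaultKey })
    $sendWith = if (-not $defaultPresent) { 'SHA-2 (default)' }
        elseif ($sendIds.Count -eq 0) { 'key present, no algorithm specified' }
        else { ($sendIds | ForEach-Object {
            if ($WeakAlgs.ContainsKey($_)) { $WeakAlgs[$_] } else { "unlisted ($_)" }
        }) -join ', ' }

    [pscustomobject]@{
        Computer               = $env:COMPUTERNAME
        WeakKeyPresent         = $weakPresent
        WeakAlgorithmsAccepted = if ($accepted) { $accepted -join ', ' } else { 'none' }
        SendsAuthenticatedWith = $sendWith
        # Either key existing is a departure from the SHA-2-only default.
        NeedsReview            = $weakPresent -or $defaultPresent
    }
}

Get-MsmqHashPolicy | Format-List
```

A WeakHashAlgorithms key with no values under it is the widest setting, since it enables every weak algorithm, so the report lists all five in that case.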