Hello
Recently, with all the news about Windows Server 2012 R2 and Windows 8.1 Update KB 2919355 and WSUS problems, I discovered that TLS 1.2 in general does not work if just one certificate in the whole certificate chain is signed with SHA512.
The problem is described here: http://www.michaelm.info/blog/?p=1273
Our company's internal Root-CA certificate could now be a big problem, as it is RSA 4096 / SHA512.
Does Microsoft intend to support SHA512 with TLS 1.2 in the near future?
Editing the registry and adding RSA/SHA512 and ECDSA/SHA512 on all servers and client computers is not an option.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Cryptography\Configuration\Local\SSL\00010003]
"Functions"
RSA/SHA256
RSA/SHA384
RSA/SHA1
ECDSA/SHA256
ECDSA/SHA384
ECDSA/SHA1
DSA/SHA1
If this is not going to be fixed, we will need a new root certificate.
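
Added example, not part of the original post: a read-only PowerShell audit that compares the signature algorithm of every certificate in a chain against the "Functions" list under the registry key quoted above, to find chains affected by the behaviour the post describes. The function name Test-ChainSignatureAlgorithm and the choice of the LocalMachine\My store are assumptions made for illustration.

```powershell
# Added example: reads the registry and certificate stores, changes nothing.
$key = 'HKLM:\SYSTEM\CurrentControlSet\Control\Cryptography\Configuration\Local\SSL\00010003'
$enabled = @((Get-ItemProperty -Path $key -Name Functions -ErrorAction Stop).Functions)

# Certificate signature algorithm OIDs mapped to the names used in "Functions".
$oidMap = @{
    '1.2.840.113549.1.1.5'  = 'RSA/SHA1'
    '1.2.840.113549.1.1.11' = 'RSA/SHA256'
    '1.2.840.113549.1.1.12' = 'RSA/SHA384'
    '1.2.840.113549.1.1.13' = 'RSA/SHA512'
    '1.2.840.10045.4.1'     = 'ECDSA/SHA1'
    '1.2.840.10045.4.3.2'   = 'ECDSA/SHA256'
    '1.2.840.10045.4.3.3'   = 'ECDSA/SHA384'
    '1.2.840.10045.4.3.4'   = 'ECDSA/SHA512'
    '1.2.840.10040.4.3'     = 'DSA/SHA1'
}

# Hypothetical helper: builds the chain for one certificate and reports,
# per chain element, whether its signature algorithm is in the enabled list.
function Test-ChainSignatureAlgorithm {
    param(
        [Parameter(Mandatory)]
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate,
        [string[]]$Enabled
    )
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    $chain.ChainPolicy.RevocationMode = 'NoCheck'   # keep the audit offline
    [void]$chain.Build($Certificate)
    foreach ($element in $chain.ChainElements) {
        $oid  = $element.Certificate.SignatureAlgorithm.Value
        $name = if ($oidMap.ContainsKey($oid)) { $oidMap[$oid] } else { "unmapped ($oid)" }
        [pscustomobject]@{
            Leaf            = $Certificate.Subject
            ChainElement    = $element.Certificate.Subject
            Signature       = $name
            InFunctionsList = ($Enabled -contains $name)
        }
    }
}

# List every chain element whose signature algorithm is not in "Functions".
Get-ChildItem Cert:\LocalMachine\My |
    ForEach-Object { Test-ChainSignatureAlgorithm -Certificate $_ -Enabled $enabled } |
    Where-Object { -not $_.InFunctionsList } |
    Format-Table -AutoSize
```

An empty result means no certificate in LocalMachine\My chains through a signature algorithm missing from the list on that machine.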