Microsoft KB Archive/276245

{|
 * width="100%"|

INFO: Encryption/Decryption Support for SSL/SSPI on Windows 95 and Windows 98

 * }

Q276245

-

The information in this article applies to:


 * Microsoft Win32 Application Programming Interface (API), included with:
 * Microsoft Windows 95
 * Microsoft Windows 98
 * Microsoft Windows 98 Second Edition
 * Microsoft Windows Millennium Edition

-

IMPORTANT: This article contains information about editing the registry. Before you edit the registry, make sure you understand how to restore it if a problem occurs. For information about how to do this, view the &quot;Restoring the Registry&quot; Help topic in Regedit.exe or the &quot;Restoring a Registry Key&quot; Help topic in Regedt32.exe.

SUMMARY
The Secure Socket Layer (SSL) and Transport Layer Security (TLS) Security Support Provider for Windows 95 and Windows 98 can support the EncryptMessage and DecryptMessage functions with Microsoft Internet Explorer 5.01 or greater, and the Directory Service Client installed. Windows Millennium Edition (Me) supports EncryptMessage and DecryptMessage with no modifications.

MORE INFORMATION
Before the release of Internet Explorer 5.01 and the Directory Service Client for Windows 95 and Windows 98, the SSPI EncryptMessage and DecryptMessage functions were not supported by the SSL/TLS Security Support Provider. Attempts to call these functions generated the following error code:

"0x80090302 - SEC_E_NOT_SUPPORTED or SEC_E_UNSUPPORTED_FUNCTION" The Directory Service Client (Dsclient.exe) is available on the Microsoft Windows 2000 Installation CD, or by contacting Microsoft Developer Support. In addition to installing Internet Explorer 5.01 or greater and the Directory Service Client, the SChannel Security Support Provider must be enabled in the registry.

WARNING: Using Registry Editor incorrectly can cause serious problems that may require you to reinstall your operating system. Microsoft cannot guarantee that problems resulting from the incorrect use of Registry Editor can be solved. Use Registry Editor at your own risk.

For information about how to edit the registry, view the &quot;Changing Keys and Values&quot; Help topic in Registry Editor (Regedit.exe) or the &quot;Add and Delete Information in the Registry&quot; and &quot;Edit Registry Data&quot; Help topics in Regedt32.exe. Note that you should back up the registry before you edit it. If you are running Windows NT or Windows 2000, you should also update your Emergency Repair Disk (ERD).

To enable the SChannel security package, use Regedit.exe to change the following registry key value:


 * 1) Start Registry Editor (Regedit.exe).
 * 2) Locate the following key in the registry:
 * 3) On the Edit menu, click Modify, and then modify the following registry value:
 * 4) Quit Registry Editor.

After you install Internet Explorer 5.01 or greater and the Directory Service Client, and then make the above registry modification, the EncryptMessage and DecryptMessage functions will be supported for the SSL/TLS protocols on Windows 95 and Windows 98.

Internet Explorer 5.01 has a known issue regarding an incorrect internal key. For additional information, click the article number below to view the article in the Microsoft Knowledge Base:

"Q247367 Programs and Services that Use SSL or SSPI May Not Work After You Install Internet Explorer 5.01" By design, certificates for use with the SSL/TLS protocols on Windows 95, Windows 98, Windows Millennium Edition, and Microsoft Windows NT 4.0 must have private keys marked as exportable. When this is not the case the SSPI functions InitializeSecurityContext or AcceptSecurityContext will fail with:

0x80090304 - SEC_E_INTERNAL_ERROR.

Windows 2000 SSL/TLS protocols do not have this requirement.

For additional information about using these functions with Windows NT 4.0, click the article number below to view the article in the Microsoft Knowledge Base:

"Q275592 Encryption/Decryption Support for SSL/SSPI on Windows NT 4.0"