Microsoft KB Archive/318815

= Cannot Connect to Web Sites That Require SSL 3.0 =

Article ID: 318815

Article Last Modified on 5/10/2007


APPLIES TO

Microsoft Internet Explorer 6.0, when used with:

 Microsoft Windows 2000 Advanced Server

 Microsoft Windows 2000 Datacenter Server

 Microsoft Windows 2000 Professional Edition



This article was previously published under Q318815


SYMPTOMS
When you use Internet Explorer on the operating systems listed at the beginning of this article, you cannot connect to some Web sites. For example, if you try to connect to https://www.microsoft.com, you may receive the following error message:

Page cannot be displayed

The bottom of the error page may display "Cannot find server or DNS error."


CAUSE
This problem may occur if the target Web site requires a Secure Sockets Layer (SSL) 3.0 connection. On a site that requires an SSL 3.0 connection, the Web site denies any connection attempt that does not meet the requirements of SSL 3.0.


MORE INFORMATION
When Internet Explorer initiates an SSL 3.0 connection, it sends a ClientHello message to the server. Part of the ClientHello message is a section named RandomData. The SSL 3.0 specification requires that the first four bytes of the RandomData section sent by Internet Explorer contain the client time stamp in "Unix Time" format. In all versions of Internet Explorer on Windows versions before Microsoft Windows XP, the Schannel.dll file passes only random data instead of a time stamp.

To see the SSL 3.0 and Transport Layer Security (TLS) protocol documentation, visit the following Netscape Web site:

http://wp.netscape.com/eng/ssl3/

The most recent draft SSL 3.0 specification is an Internet Draft that is dated November 1996. It is a proprietary protocol and not an internet draft or standard. TLS 1.0 was an IETF draft and is a Proposed Standard. To review information on the IETF's proposed timestamp standard, visit the following Web site and locate section "7.4.1.2":

http://www.ietf.org/rfc/rfc2246.txt

Review the information on "Client hello" and "gmt_unix_time." gmt_unix_time is the current time and date in standard UNIX 32-bit format (seconds since the midnight starting January 1, 1970, GMT) according to the sender's internal clock. Clocks are NOT REQUIRED to be set correctly by the basic TLS Protocol; higher level or application protocols may define additional requirements.
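
The following sketch is an added example, not code from Microsoft or from this article. It parses the Random field of a ClientHello record and shows why a client that sends 32 bytes of pure random data looks wrong to a server that inspects gmt_unix_time. The function names, the sample records, the clock value and the one-day tolerance are assumptions made for illustration; the article does not say how the affected Web sites performed their check.

```python
import struct

def build_client_hello(random32: bytes, version=(3, 0)) -> bytes:
    """Build a minimal ClientHello record (constructed sample input)."""
    if len(random32) != 32:
        raise ValueError("Random must be exactly 32 bytes")
    body = bytes(version) + random32
    body += b"\x00"              # empty session_id
    body += b"\x00\x02\x00\x0a"  # one suite: SSL_RSA_WITH_3DES_EDE_CBC_SHA
    body += b"\x01\x00"          # one compression method: null
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16" + bytes(version) + struct.pack(">H", len(handshake)) + handshake

def parse_client_random(record: bytes):
    """Return (gmt_unix_time, random_bytes) from a ClientHello record."""
    if len(record) < 5 + 4 + 2 + 32:
        raise ValueError("too short to hold a ClientHello Random")
    ctype, _major, _minor, rec_len = struct.unpack(">BBBH", record[:5])
    if ctype != 0x16 or record[5] != 0x01:
        raise ValueError("not a ClientHello handshake record")
    if rec_len > len(record) - 5:
        raise ValueError("truncated record")
    random = record[11:43]  # 5 record hdr + 4 handshake hdr + 2 client_version
    (gmt_unix_time,) = struct.unpack(">I", random[:4])
    return gmt_unix_time, random[4:]

def timestamp_plausible(gmt_unix_time: int, now: int, max_skew: int = 86400) -> bool:
    """Hypothetical strict-server check: client time within max_skew seconds."""
    return abs(now - gmt_unix_time) <= max_skew

NOW = 1020000000  # constructed server clock value (seconds since 1970-01-01 GMT)
COMPLIANT = build_client_hello(struct.pack(">I", NOW - 30) + bytes(range(28)))
# Constructed stand-in for a client that fills all 32 bytes with random data.
RANDOM_ONLY = build_client_hello(bytes.fromhex("deadbeef") + bytes(range(28)))

if __name__ == "__main__":
    for name, rec in (("compliant", COMPLIANT), ("random-only", RANDOM_ONLY)):
        ts, _ = parse_client_random(rec)
        print(f"{name}: gmt_unix_time={ts} plausible={timestamp_plausible(ts, NOW)}")
```
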


RESOLUTION
To resolve this problem, obtain the latest service pack for Windows 2000. For additional information, click the following article number to view the article in the Microsoft Knowledge Base:

260910 How to Obtain the Latest Windows 2000 Service Pack


STATUS
Microsoft has confirmed that this is a problem in the Microsoft products that are listed at the beginning of this article. This problem was first corrected in Windows 2000 Service Pack 3.

Keywords: kbhotfixserver kbqfe kbsecurity kbprb kbbug kbfix kbwin2000sp3fix KB318815


© Microsoft Corporation. All rights reserved.