Microsoft KB Archive/320894

= Pocket Internet Explorer Quits When You Connect to an SSL Site with the DES56 Cipher =

Article ID: 320894

Article Last Modified on 5/27/2005

-

APPLIES TO


 * Microsoft Pocket PC 2002 Software Standard Edition

-



This article was previously published under Q320894



Important This article contains information about how to modify the registry. Make sure to back up the registry before you modify it. Make sure that you know how to restore the registry if a problem occurs. For more information about how to back up, restore, and modify the registry, click the following article number to view the article in the Microsoft Knowledge Base:

256986 Description of the Microsoft Windows registry



SYMPTOMS
Microsoft Pocket Internet Explorer may quit unexpectedly when you connect to a Secure Sockets Layer (SSL) Web site that is configured to use the DES56 cipher algorithm.



CAUSE
This issue occurs because the DES56 cipher algorithm is not implemented on Pocket PC 2002-based devices, but is incorrectly turned on in the registry.



WORKAROUND
Warning Serious problems might occur if you modify the registry incorrectly by using Registry Editor or by using another method. These problems might require that you reinstall your operating system. Microsoft cannot guarantee that these problems can be solved. Modify the registry at your own risk.

To work around this problem, turn off the DES56 cipher algorithm on the Pocket PC 2002-based device. To turn off the DES56 cipher algorithm on a Pocket PC 2002-based device, set the Enabled value in the following registry key to 0:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\DES 56/56

After you do this, Pocket Internet Explorer does not offer the DES56 cipher algorithm in the &quot;Client Hello&quot; information. Therefore, the SSL server chooses another algorithm such as the RC4-128 algorithm.

To deploy this workaround to many Pocket PC 2002-based devices, you can create a .cab file that changes the registry. You can then make the .cab file available for download from your Web site. After a user downloads the .cab file, the user can install the file by tapping it. The user can later undo the registry changed by using the Remove Programs tool in Control Panel.

You can use the Windows CE CAB Wizard that is included with the Microsoft Pocket PC 2002 Software Development Kit (SDK) to create the .cab file. To do this, save the following text as a file that is named Des56off.inf in the C:\Cab folder:

[Version]

Signature = &quot;$Windows NT$&quot;

Provider = &quot;My Company&quot;

CESignature = &quot;$Windows CE$&quot;

[CEStrings]

AppName = Disable DES56 Cipher

InstallDir = %CE1%\%AppName%

[Strings]

reg_path = SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\DES 56/56

[DefaultInstall]

AddReg = RegSettings.All

[SourceDisksNames]

1=,&quot;Common files&quot;,,C:\CAB

[SourceDisksFiles]

des56off.inf=1

[DestinationDirs]

DefaultDestDir = 0,%InstallDir%

[RegSettings.All]

HKLM,%reg_path%,Enabled,0x00010001,0

Use the following command to create the .cab file by using the Windows CE CAB Wizard:

&quot;c:\windows ce tools\wce300\pocket pc 2002\support\activesync\windows ce application installation\cabwiz\cabwiz.exe&quot; c:\cab\des56off.inf

You might have to change this command line if you installed the Pocket PC 2002 SDK in a folder other than the C:\Windows CE Tools folder. For additional information about the Windows CE CAB Wizard, view the Pocket PC 2002 SDK documentation.



STATUS
Microsoft has confirmed that this is a problem in the Microsoft products that are listed at the beginning of this article.

Keywords: kbfix kbenv kbprb KB320894

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.