Microsoft KB Archive/842607

= Internet Explorer 6 SP1 may stop responding when you try to connect to a secure Web site =

Article ID: 842607

Article Last Modified on 2/18/2005

-

APPLIES TO


 * Microsoft Internet Explorer 6.0 Service Pack 1, when used with:
 * Microsoft Windows XP Embedded

-





SYMPTOMS
When you try to use Microsoft Internet Explorer 6 Service Pack 1 (SP1) to connect to a secure Web site (https://), Internet Explorer may stop responding (hang).



CAUSE
This problem may occur when the use of Federal Information Processing Standard (FIPS) encryption algorithms is enforced through the Computer Configuration Security Options policy.

Some Secure Sockets Layer (SSL) implementations send a zero-length packet as the first message over an SSL connection. This behavior occurs only when a block cipher such as Triple Data Encryption Standard (Triple DES) is used, and is intended as a workaround for a known block cipher chaining vulnerability. The Internet extensions for the Wininet.dll file does not interpret this zero-length packet correctly.



WORKAROUND
To successfully connect to a secure Web site, disable the system policy that requires FIPS-compliant algorithms. To do this, follow these steps:
 * 1) Click Start, and then click Control Panel.
 * 2) Click Performance and Maintenance.
 * 3) Click Administrative Tools.
 * 4) Double-click Local Security Policy.
 * 5) Expand Local Policies.
 * 6) Click Security Options.
 * 7) In the Policy list, double-click System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing.
 * 8) Click Disabled, and then click OK.
 * 9) Restart your computer.



MORE INFORMATION
For additional information, click the following article number to view the article in the Microsoft Knowledge Base:

811834 Cannot visit SSL sites after you enable FIPS compliant cryptography

For additional information, click the following article number to view the article in the Microsoft Knowledge Base:

811833 The effects of enabling the &quot;System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing&quot; security setting in Windows XP and later versions

Additional query words: fips tls cbc

Keywords: kbtshoot kbprb KB842607

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.