Microsoft KB Archive/275592

{|
 * width="100%"|

INFO: Encryption/Decryption Support for SSL/SSPI on Windows NT 4.0

 * }

Q275592

-

The information in this article applies to:


 * Microsoft Win32 Application Programming Interface (API), included with:
 * Microsoft Windows NT Server version 4.0 SP4
 * Microsoft Windows NT Workstation version 4.0 SP4

-

SUMMARY
As of Microsoft Windows NT 4.0 Service Pack 4 (SP4), Windows NT 4.0 supports Secure Socket Layer (SSL) and Transport Layer Security (TLS) Encryption and Authentication through the Security Support Provider Interface (SSPI).

MORE INFORMATION
Before the release of SP4 for Windows NT 4.0, the SSPI EncryptMessage and DecryptMessage functions were not supported by the SSL/TLS Security Support Provider. Attempts to call these functions generate error code SEC_E_NOT_SUPPORTED. After you install SP4 or later on Windows NT 4.0, the EncryptMessage and DecryptMessage functions are supported for the SSL/TLS protocols. Microsoft Windows 2000 includes support for SSL/TLS Encryption and Decryption.

Although the EncryptMessage and DecryptMessage functions are supported for the SSL/TLS protocols as of SP4, installing certificates from Microsoft Certificate Server is much easier with Internet Explorer 4.0, because of the ability of Internet Explorer 4.0 to run the Certificate Enrollment control that is published by Certificate Server. For this reason it is preferable for platforms that use the SSL/TLS protocols to have Internet Explorer 4.0 or greater installed.

Internet Explorer 5.01 has a known issue regarding an incorrect internal key. For additional information, click the article number below to view the article in the Microsoft Knowledge Base:

"Q247367 Programs and Services that Use SSL or SSPI May Not Work After You Install Internet Explorer 5.01" By design, certificates for use with the SSL/TLS protocols on Windows 95, Windows 98, Windows Millennium Edition, and Microsoft Windows NT 4.0 must have private keys marked as exportable. When this is not the case the SSPI functions InitializeSecurityContext or AcceptSecurityContext will fail with:

0x80090304 - SEC_E_INTERNAL_ERROR.

Windows 2000 SSL/TLS protocols do not have this requirement.

For additional information about using these functions on Windows 95, Windows 98, and Windows Me, click the article number below to view the article in the Microsoft Knowledge Base:

"Q276245 Encryption/Decryption Support for SSL/SSPI on Windows 95 and Windows 98"