Microsoft KB Archive/275592

From BetaArchive Wiki

INFO: Encryption/Decryption Support for SSL/SSPI on Windows NT 4.0

Q275592


The information in this article applies to:


  • Microsoft Win32 Application Programming Interface (API), included with:
    • Microsoft Windows NT Server version 4.0 SP4
    • Microsoft Windows NT Workstation version 4.0 SP4




SUMMARY

As of Microsoft Windows NT 4.0 Service Pack 4 (SP4), Windows NT 4.0 supports Secure Socket Layer (SSL) and Transport Layer Security (TLS) Encryption and Authentication through the Security Support Provider Interface (SSPI).



MORE INFORMATION

Before the release of SP4 for Windows NT 4.0, the SSPI EncryptMessage and DecryptMessage functions were not supported by the SSL/TLS Security Support Provider. Attempts to call these functions generate error code SEC_E_NOT_SUPPORTED. After you install SP4 or later on Windows NT 4.0, the EncryptMessage and DecryptMessage functions are supported for the SSL/TLS protocols. Microsoft Windows 2000 includes support for SSL/TLS Encryption and Decryption.

Although the EncryptMessage and DecryptMessage functions are supported for the SSL/TLS protocols as of SP4, installing certificates from Microsoft Certificate Server is much easier with Internet Explorer 4.0, because of the ability of Internet Explorer 4.0 to run the Certificate Enrollment control that is published by Certificate Server. For this reason it is preferable for platforms that use the SSL/TLS protocols to have Internet Explorer 4.0 or greater installed.

Internet Explorer 5.01 has a known issue regarding an incorrect internal key. For additional information, click the article number below to view the article in the Microsoft Knowledge Base:

Q247367 Programs and Services that Use SSL or SSPI May Not Work After You Install Internet Explorer 5.01

By design, certificates for use with the SSL/TLS protocols on Windows 95, Windows 98, Windows Millennium Edition, and Microsoft Windows NT 4.0 must have private keys marked as exportable. When this is not the case the SSPI functions InitializeSecurityContext or AcceptSecurityContext will fail with:

0x80090304 - SEC_E_INTERNAL_ERROR.

Windows 2000 SSL/TLS protocols do not have this requirement.

For additional information about using these functions on Windows 95, Windows 98, and Windows Me, click the article number below to view the article in the Microsoft Knowledge Base:

Q276245 Encryption/Decryption Support for SSL/SSPI on Windows 95 and Windows 98



REFERENCES

For more information on using SSL/TLS through SSPI, see the SSPI overview, and the WebClient and WebServer samples in the Microsoft Platform SDK.

Additional query words: Schannel

Keywords : kbKernBase kbGrpDSKernBase _IK
Issue type : kbinfo
Technology : kbAudDeveloper kbWin32API


Last Reviewed: June 18, 2001
© 2001 Microsoft Corporation. All rights reserved. Terms of Use.

Retrieved from ‘https://www.betaarchive.com/wiki/index.php?title=Microsoft_KB_Archive/275592&oldid=257811
the Creative Commons 3.0 ShareAlike (except the Microsoft KB Archive).
Powered by MediaWiki