DOCUMENT:Q148427 TITLE :Generic SSL (PCT/TLS) Updates for IIS and Microsoft Internet Products PRODUCT :IIS | Windows NT | Site Server | Exchange PROD/VER:3.0 | 4.0 | 3.0 | 5.0, 5.5 OPER/SYS:WINDOWS NT KEYWORD :iissecurity kbfile kbinterop -------------------------------------------------------------------------- The information in this article applies to: - Microsoft Windows NT Server version 4.0 with Service Pack 3 - Microsoft Windows NT Server, Enterprise Edition version 4.0 - Microsoft Internet Information Server versions 3.0 and 4.0 - Microsoft Site Server 3.0 Commerce Edition - Microsoft Site Server, Enterprise Edition - Microsoft Exchange Server 5.0 and 5.5 -------------------------------------------------------------------------- SUMMARY ======= On July 17, 1998 Microsoft released an updated version of Schannel.dll. This latest version provides the following benefits: - Resolves the vulnerability in SSL (Secure Sockets Layer) discovered by Daniel Bleichenbacher of Bell Labs. For more information, please see the following Microsoft Security Bulletin at: http://www.microsoft.com/security/bulletins/ms98-002.htm - Banks outside the U.S. and Canada can now use extremely strong 128-bit encryption. - Eliminates the need for separate SGC and non-SGC versions of Schannel.dll. - Corrects the "Bad Password" error message documented in the following article in the Microsoft Knowledge Base: ARTICLE-ID: Q179550 TITLE : Installing a Certificate in IIS May Result in Bad Password Error - Includes an updated version of Sgcinst.exe that corrects the problem where SGCINST appears to execute but SGC does not work. For more information, please see the following article in the Microsoft Knowledge Base: ARTICLE-ID: Q180018 TITLE : SGCINST.EXE Appears to Execute but SGC Does Not Work For more information on the Server Gated Cryptography (SGC), please go to the following Microsoft web site: http://www.microsoft.com/security/sgc/ MORE INFORMATION ================ Schannel.dll has been posted to the following Internet location: ftp://ftp.microsoft.com/bussys/winnt/winnt-public/fixes/usa/NT40/hotfixes-postSP3/ssl-fix/ Residents of the US and Canada can download the North American (128-bit) version of Schannel.dll from: http://mssecure.www.conxion.com/cgi-bin/ntitar.pl Additional query words: 4.00 sp3 3.00 iis international banking win95 ie internet explorer 3.02 4.01 "adaptive chosen cyphertext" cryptoanalysis SSL2 PCT1 SSL3 TLS1 ============================================================================ THE INFORMATION PROVIDED IN THE MICROSOFT KNOWLEDGE BASE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. MICROSOFT DISCLAIMS ALL WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING THE WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. IN NO EVENT SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS BE LIABLE FOR ANY DAMAGES WHATSOEVER INCLUDING DIRECT, INDIRECT, INCIDENTAL, CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL DAMAGES, EVEN IF MICROSOFT CORPORATION OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. SOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES SO THE FOREGOING LIMITATION MAY NOT APPLY.