HTTP 403.5 - Forbidden: SSL 128 Required Error Occurs with Require Secure Channel Option Disabled (308255)


The information in this article applies to:

  • Microsoft Internet Information Services version 5.1
  • Microsoft Internet Information Services 5.0
  • Microsoft Internet Information Server 4.0
This article was previously published under Q308255
We strongly recommend that all users upgrade to Microsoft Internet Information Services (IIS) version 6.0 running on Microsoft Windows Server 2003. IIS 6.0 significantly increases Web infrastructure security. For more information about IIS security-related topics, visit the following Microsoft Web site:

http://www.microsoft.com/technet/security/prodtech/IIS.mspx

SYMPTOMS

When you try to browse to a Web site by using HTTP, the following error may occur in your browser, even though you have disabled the Require Secure Channel option:
HTTP 403.5 - Forbidden: SSL 128 required

CAUSE

When you enable the 128-bit SSL requirement in conjunction with the general SSL requirement, the 128-bit SSL requirement remains enabled until it is explicitly turned off (independent of the parent SSL requirement).

RESOLUTION

To resolve this problem, follow the steps that correspond to the version of IIS that you are using.

For Internet Information Server 4.0

  1. Open the Internet Services Manager, right-click the problem Web site, and then click Properties.
  2. Click the Directory Security tab, and then click Edit next to Secure Communications.
  3. Click Encryption Settings, and then click to uncheck the Require 128-bit encryption check box.
  4. Click OK three times to close the dialog boxes.

For Internet Information Services 5.0 and 5.1

  1. Open the Internet Services Manager, right-click the problem Web site, and then click Properties.
  2. Click the Directory Security tab, and then click Edit next to Secure Communications.
  3. Click to check the Require Secure Channel (SSL) check box.
  4. Click to uncheck the Require 128-bit encryption check box.
  5. Click to uncheck the Require Secure Channel (SSL) check box.
  6. Click OK to close all open dialog boxes. Select Inheritance Overrides accordingly, if you are prompted.

STATUS

Microsoft has confirmed that this is a problem in Microsoft IIS 4.0, 5.0, and 5.1.

MORE INFORMATION

For additional information on configuring SSL, click the article numbers below to view the articles in the Microsoft Knowledge Base:

300398 IIS: Cannot Create a 128-bit SSL Session with IIS

299525 HOWTO: Set Up SSL Using IIS 5.0 and Certificate Server 2.0

REFERENCES

For additional information, click the article number below to view the article in the Microsoft Knowledge Base:

267932 Secure Communication Shows Key Manager Button, But No Edit Button

Modification Type:MinorLast Reviewed:6/23/2005
Keywords:kbpending kbprb KB308255
©2004 Microsoft Corporation. All rights reserved.