SSL/TLS and Certificates


Internet Explorer 5 supports the industry-standard privacy and data integrity protocols Secure Sockets Layer (SSL) and Transport Layer Security (TLS). Internet Explorer also supports the Fortezza-enabled version of SSL.

Fortezza is a specification for hardware-based cryptography for use in the U.S. Department of Defense. It is used to transfer sensitive, but nonclassified, data. Fortezza enables secure SSL/TLS connections to Fortezza-enabled Web sites using Fortezza PCMCIA cards. IIS 5 also supports Fortezza; the TLS protocol currently does not.

You can determine which SSL/TLS protocols Internet Explorer supports by doing the following:

  1. Open Internet Explorer.
  2. Choose Internet Options from the Tools menu.
  3. Click the Advanced tab.
  4. Scroll down to the Security node.

You can now set which SSL/TLS protocols you want to support. In highly secure environments, you should enable SSL 3.0 and TLS 1.0 but disable SSL 2.0 and PCT 1.0, as shown in Figure 4-4.


Figure 4-4. Setting SSL and TLS protocols in Internet Explorer 5.
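The protocol selection made in steps 1 through 4 can also be audited and applied from a script. The following is an added example, not code from the book: it assumes that Internet Explorer stores the Advanced-tab choice as the SecureProtocols DWORD bitmask under the per-user Internet Settings registry key, with the bit values listed in the table (the book itself does not name this value). It applies the recommendation shown in Figure 4-4 (SSL 3.0 and TLS 1.0 on, SSL 2.0 and PCT 1.0 off) while leaving any bits it does not know about, such as those later versions use for newer TLS versions, untouched.

```powershell
# Added example (not from the book). Assumption: the per-user SecureProtocols
# value holds a bitmask of enabled protocols with the bit values below.
$KeyPath   = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$ValueName = 'SecureProtocols'

# One bit per protocol shown in the Security node of the Advanced tab.
$Protocols = [ordered]@{
    'PCT 1.0' = 0x02
    'SSL 2.0' = 0x08
    'SSL 3.0' = 0x20
    'TLS 1.0' = 0x80
}

function Get-IeSecureProtocolMask {
    # Returns the raw mask, or 0 when the value is absent (IE then uses defaults).
    $item = Get-ItemProperty -Path $KeyPath -Name $ValueName -ErrorAction SilentlyContinue
    if ($null -eq $item) { return 0 }
    return [int]$item.$ValueName
}

function Get-IeSecureProtocols {
    # Names of the known protocols currently enabled for this user.
    $mask = Get-IeSecureProtocolMask
    $Protocols.GetEnumerator() |
        Where-Object { ($mask -band $_.Value) -ne 0 } |
        ForEach-Object { $_.Key }
}

function Set-IeSecureProtocols {
    # Enables exactly the named protocols from the table and disables the rest
    # of the table; bits outside the table are preserved, not cleared.
    param([string[]]$Enable)
    $known = 0
    foreach ($v in $Protocols.Values) { $known = $known -bor $v }
    $wanted = 0
    foreach ($name in $Enable) {
        if (-not $Protocols.Contains($name)) { throw "Unknown protocol: $name" }
        $wanted = $wanted -bor $Protocols[$name]
    }
    $mask = ((Get-IeSecureProtocolMask) -band (-bnot $known)) -bor $wanted
    Set-ItemProperty -Path $KeyPath -Name $ValueName -Value $mask -Type DWord
    return $mask
}

# Report the current state, then apply the recommendation from Figure 4-4.
"Enabled before: $((Get-IeSecureProtocols) -join ', ')"
$applied = Set-IeSecureProtocols -Enable 'SSL 3.0', 'TLS 1.0'
"Applied mask 0x{0:X}; enabled now: {1}" -f $applied, ((Get-IeSecureProtocols) -join ', ')
```

Run it in the user's own session, since the value lives under HKCU and is read per user.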

What Is PCT?

Private Communication Technology (PCT) is a security technology akin to SSL and TLS. It was invented by Microsoft to address some of the weaknesses in the SSL2 protocol—namely, the situation in which an attacker could force SSL2 to "roll back" to a weaker set of cryptographic protocols (called ciphersuites). However, these issues were later remedied in SSL3 and TLS. Because of this, PCT is a deprecated protocol and should not be used.

Internet Explorer also supports X.509 client authentication certificates for strong authentication environments. Today, it's common for the certificate and its associated private key to be held in software or on a smartcard. Refer to Chapter 15, "An Introduction to Cryptography and Certificates in Windows 2000," for more information about certificates.

The Role of Schannel.dll

In Windows, you'll often hear of Schannel.dll in conjunction with SSL, PCT, and TLS. This DLL, whose name is short for secure channel, performs all SSL/TLS functionality. The Windows Internet library, WinInet, also uses Schannel.dll to create secured channels between clients and servers.



Designing Secure Web-Based Applications for Microsoft Windows 2000 with CDROM
Year: 1999
Pages: 138
