Select the product you need help with
- Internet Explorer
- Windows Phone
- More products
Internet Explorer Renegotiates Secure Sockets Layer Connection Every Two Minutes
Article ID: 265369 - View products that this article applies to.
This article was previously published under Q265369
IMPORTANT: This article contains information about modifying the registry. Before you modify the registry, make sure to back it up and make sure that you understand how to restore the registry if a problem occurs. For information about how to back up, restore, and edit the registry, click the following article number to view the article in the Microsoft Knowledge Base:
(http://support.microsoft.com/kb/256986/EN-US/ )Description of the Microsoft Windows Registry
When you connect by using a Secure Sockets Layer (SSL) session with Microsoft Internet Explorer, the SSL session is renegotiated every two minutes. You are generally not aware of this behavior, but it may be noticeable if you are using basic authentication over the SSL connection. In this case, the basic authentication dialog box prompts you to supply your credentials every two minutes.
In Microsoft Internet Explorer on Microsoft Windows NT 4.0, the SSL cache time-out interval is set to renegotiate every two minutes. This forces a full SSL handshake. With SSL, either the client or the server can start the renegotiation process. This interval is determined by the shortest SSL time-out value (either on the client or on the server). Since Internet Explorer has a two-minute interval, Internet Explorer forces the renegotiation of the SSL session every two minutes, regardless of the setting on the server.
A supported fix is now available from Microsoft, but it is only intended to correct the problem that is described in this article. Apply it only to computers that are experiencing this specific problem.
To resolve this problem, contact Microsoft Product Support Services to obtain the fix. For a complete list of Microsoft Product Support Services phone numbers and information about support costs, visit the following Microsoft Web site:
http://support.microsoft.com/default.aspx?scid=fh;EN-US;CNTACTMSNOTE: In special cases, charges that are ordinarily incurred for support calls may be canceled if a Microsoft Support Professional determines that a specific update will resolve your problem. The usual support costs will apply to additional support questions and issues that do not qualify for the specific update in question.
The English version of this fix should have the following file attributes or later:
NOTE: This fix requires Internet Explorer 5.01 or later. If you are experiencing this problem in Internet Explorer 5, you must upgrade to Internet Explorer 5.01 or later before you install this hotfix. You must also reapply this hotfix each time that you upgrade Internet Explorer.
Date Version Size File name Platform ----------------------------------------------------------------- 09/7/2000 4.86.1964.1877 154,384 Schannel.dll Intel (40-bit) 09/7/2000 4.87.1964.1877 123,664 Schannel.dll Intel (128-bit)
Microsoft has confirmed that this is a problem in the Microsoft products that are listed at the beginning of this article.
WARNING: If you use Registry Editor incorrectly, you may cause serious problems that may require you to reinstall your operating system. Microsoft cannot guarantee that you can solve problems that result from using Registry Editor incorrectly. Use Registry Editor at your own risk.
You can control this behavior on the client by changing a registry setting. As described in the following Microsoft Knowledge Base article, you can add the ClientCacheTime DWORD value. You must add this value on each client computer:
247658To increase the SSL time-out value:
(http://support.microsoft.com/kb/247658/EN-US/ )How to Configure Secure Sockets Layer Server and Client Cache Elements
The key locations and values apply to all versions of the Schannel.dll file. Keep the interval on the server short for better management of the overall size of the Schannel cache.
NOTE: This problem does not occur in Microsoft Windows 2000 and Microsoft Windows Millennium Edition.