INTRODUCTION
In certain situations, TLS/SSL handshake messages become too large to be contained in a single packet. In these situations, some third-party implementations of the TLS/SSL protocol fragment the messages before they are sent. However, the Microsoft implementation of the TLS/SSL protocol cannot parse fragmented messages. Therefore, Windows Internet Explorer on a computer that is running Windows Vista or Windows Server 2008 cannot connect to servers that use a third-party TLS/SSL protocol. Additionally, you receive the following error message when you try to connect to such a server.
The page cannot be displayed.
More Information
Update information
This update enables the Windows Vista and Windows Server 2008 Microsoft implementation of the TLS/SSL protocol to successfully parse fragmented messages that are sent by a third-party implementation of the TLS/SSL protocol.
After you install the update, you can use registry keys to configure the maximum size of a fragmented message that the Microsoft implementation of the TLS/SSL protocol can parse. You can also use these registry keys to prevent the Microsoft implementation of the TLS/SSL protocol from processing fragmented messages.
The following information applies to this update. For information about newer versions of Windows, see TLS Registry Settings.
To configure how the Microsoft implementation of the TLS/SSL protocol handles fragmented TLS/SSL messages, create the appropriate registry key for your environment under the following registry subkey:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\SecurityProviders\Schannel\Messaging\
On a client computer
- Registry key: MessageLimitClient
- Type: REG_DWORD
- Value:
  - Null
    If you do not create this registry entry, the maximum allowed size of a fragmented message is 0x8000 bytes.
  - 0x0
    If you set the value to 0x0, fragmented messages are not processed.
  - Between 0x0 and 0x8000
    If you set a value between 0x0 and 0x8000, the value indicates the maximum allowed size (in bytes) of a fragmented message.
  - Greater than 0x8000
    If you set a value greater than 0x8000, the maximum allowed size of a fragmented message is 0x8000 bytes.
On a server that does not use client authentication
- Registry key: MessageLimitServer
- Type: REG_DWORD
- Value:
  - Null
    If you do not create this registry entry, the maximum allowed size of a fragmented message is 0x4000 bytes.
  - 0x0
    If you set the value to 0x0, fragmented messages are not processed.
  - Between 0x0 and 0x4000
    If you set a value between 0x0 and 0x4000, the value indicates the maximum allowed size (in bytes) of a fragmented message.
  - Greater than 0x4000
    If you set a value greater than 0x4000, the maximum allowed size of a fragmented message is 0x4000 bytes.
On a server that uses client authentication
- Registry key: MessageLimitServerClientAuth
- Type: REG_DWORD
- Value:
  - Null
    If you do not create this registry entry, the maximum allowed size of a fragmented message is 0x8000 bytes.
  - 0x0
    If you set the value to 0x0 and the value of the MessageLimitServer registry entry to 0x0, fragmented messages are not processed. Otherwise, the value of the MessageLimitServer registry entry indicates the maximum allowed size of a fragmented message.
  - Between 0x0 and 0x8000
    If you set a value between 0x0 and 0x8000, the maximum allowed size of a fragmented message is calculated by using the following formula: max(MessageLimitServerClientAuth, MessageLimitServer)
  - Greater than 0x8000
    If you set a value greater than 0x8000, the maximum allowed size of a fragmented message is 0x8000 bytes (if the MessageLimitServer registry entry is not set to be a value of 0x0).
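The following PowerShell script is an added example, not part of the original article or Microsoft's code. It reads the three entries under the Messaging subkey and reports the effective fragmented-message limit for each role according to the rules listed above. The function names are hypothetical, and treating an absent or oversized MessageLimitServer entry as 0x4000 inside the client-authentication rule is an assumption.

```powershell
# Added example: effective Schannel fragmented-message limits per this article.
$Path = 'HKLM:\System\CurrentControlSet\Control\SecurityProviders\Schannel\Messaging'

function Get-Limit([string]$Name) {
    # $null when the subkey or the entry does not exist.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    # REG_DWORD is returned as a signed Int32; convert to its unsigned value.
    return ([int64]($item.$Name)) -band 4294967295
}

function Resolve-Cap($Value, [int64]$Cap) {
    # Absent entry: built-in default. 0: fragments not processed. Otherwise capped.
    if ($null -eq $Value) { return $Cap }
    return [Math]::Min([int64]$Value, $Cap)
}

function Resolve-ClientAuth($ClientAuth, $Server) {
    if ($null -eq $ClientAuth) { return [int64]0x8000 }
    # Assumption: an absent or oversized MessageLimitServer counts as 0x4000 here.
    $srv = Resolve-Cap $Server 0x4000
    if ($ClientAuth -eq 0) { return $srv }    # 0 and 0: disabled; else server limit
    if ($ClientAuth -gt 0x8000) {
        if ($srv -eq 0) { return $null }      # combination not specified in the article
        return [int64]0x8000
    }
    return [Math]::Max([int64]$ClientAuth, $srv)
}

function Format-Limit($Limit) {
    if ($null -eq $Limit) { return 'not specified by the article' }
    if ($Limit -eq 0)     { return 'fragmented messages not processed' }
    return '0x{0:X} bytes' -f $Limit
}

$client = Get-Limit 'MessageLimitClient'
$server = Get-Limit 'MessageLimitServer'
$auth   = Get-Limit 'MessageLimitServerClientAuth'

[pscustomobject]@{
    Client           = Format-Limit (Resolve-Cap $client 0x8000)
    Server           = Format-Limit (Resolve-Cap $server 0x4000)
    ServerClientAuth = Format-Limit (Resolve-ClientAuth $auth $server)
} | Format-List
```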
How to obtain this update
The files are available for download from the Microsoft Update Catalog.
For more information about how to download Microsoft support files, click the following article number to view the article in the Microsoft Knowledge Base:
119591 How to obtain Microsoft support files from online services
Microsoft scanned this file for viruses. Microsoft used the most current virus-detection software that was available on the date that the file was posted. The file is stored on security-enhanced servers that help prevent any unauthorized changes to the file.
Prerequisites
To apply this update, you must be running one of the following operating systems:
- Windows Vista Service Pack 1 (SP1)
- Windows Vista Service Pack 2 (SP2)
- Windows Server 2008
- Windows Server 2008 Service Pack 2 (SP2)
For more information about how to obtain a Windows Vista service pack, click the following article number to view the article in the Microsoft Knowledge Base:
935791 How to obtain the latest Windows Vista service pack
For more information about how to obtain a Windows Server 2008 service pack, click the following article number to view the article in the Microsoft Knowledge Base:
968849 How to obtain the latest service pack for Windows Server 2008
Registry information
To use the update in this package, you do not have to make any changes to the registry.
Restart requirement
You may have to restart the computer after you apply this update.
Update replacement information
This update does not replace a previously released update.
For more information about software update terminology, click the following article number to view the article in the Microsoft Knowledge Base:
824684 Description of the standard terminology that is used to describe Microsoft software updates