An update that enables Internet Explorer in Windows XP, in Windows Vista, or in Windows Server 2008 to parse fragmented TLS/SSL handshake messages is available

Article translations Article translations
Article ID: 2541763 - View products that this article applies to.
Expand all | Collapse all

On This Page

INTRODUCTION

In certain situations, TLS/SSL handshake messages become too large to be contained in a single packet. In these situations, some third-party implementations of the TLS/SSL protocol fragment the messages before they are sent. However, the Microsoft implementation of the TLS/SSL protocol cannot parse fragmented messages. Therefore, Windows Internet Explorer on a computer that is running Windows XP, Windows Vista, or Windows Server 2008 cannot connect to servers that use a third-party TLS/SSL protocol. Additionally, you receive the following error message when you try to connect to such a server.
The page cannot be displayed.

MORE INFORMATION

Update information

This update enables the Microsoft implementation of the TLS/SSL protocol to successfully parse fragmented messages that are sent by a third-party implementation of the TLS/SSL protocol.

After you install the update, you can use registry keys to configure the maximum size of a fragmented message that the Microsoft implementation of the TLS/SSL protocol can parse. You can also use these registry keys to prevent the Microsoft implementation of the TLS/SSL protocol from processing fragmented messages.

To configure how the Microsoft implementation of the TLS/SSL protocol handles fragmented TLS/SSL messages, create the appropriate registry key for you environment under the following registry subkey:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\SecurityProviders\Schannel\Messaging\

On a client computer

  • Registry key: MessageLimitClient
  • Type: REG_DWORD
  • Value:
    • Null

      If you do not create this registry entry, the maximum allowed size of a fragmented message is 0x8000 bytes.
    • 0x0

      If you set the value to 0x0, fragmented message are not processed.
    • Between 0x0 and 0x8000

      If you set a value between 0x0 and 0x8000, the value indicates the maximum allowed size (in bytes) of a fragmented message.
    • Greater than 0x8000

      If you set a value greater than 0x8000, the maximum allowed size of a fragmented message is 0x8000 bytes.

On a server that does not use client authentication

  • Registry key: MessageLimitServer
  • Type: REG_DWORD
  • Value:
    • Null

      If you do not create this registry entry, the maximum allowed size of a fragmented message is 0x4000 bytes.
    • 0x0

      If you set the value to 0x0, fragmented message are not processed.
    • Between 0x0 and 0x4000

      If you set a value between 0x0 and 0x4000, the value indicates the maximum allowed size (in bytes) of a fragmented message.
    • Greater than 0x4000

      If you set a value greater than 0x4000, the maximum allowed size of a fragmented message is 0x4000 bytes.

On a server that uses client authentication

  • Registry key: MessageLimitServerClientAuth
  • Type: REG_DWORD
  • Value:
    • Null

      If you do not create this registry entry, the maximum allowed size of a fragmented message is 0x8000 bytes.
    • 0x0

      If you set the value to 0x0 and the value of the MessageLimitServer registry entry to 0x0, fragmented messages are not processed. Otherwise, the value of the MessageLimitServer registry entry indicates the maximum allowed size of a fragmented message.
    • Between 0x0 and 0x8000

      If you set a value between 0x0 and 0x8000, the maximum allowed size of a fragmented message is calculated by using the following formula:
      max(MessageLimitServerClientAuth, MessageLimitServer)
    • Greater than 0x8000

      If you set a value greater than 0x8000, the maximum allowed size of a fragmented message is 0x8000 bytes (if the MessageLimitServer registry entry is not set to be a value of 0x0).

How to obtain this update

The following files are available for download from the Microsoft Download Center:
Collapse this tableExpand this table
Operating systemUpdate
All supported x86-based versions of Windows XP
Collapse this imageExpand this image
Download
Download the update package now.
All supported x86-based versions of Windows Vista
Collapse this imageExpand this image
Download
Download the update package now.
All supported x64-based versions of Windows Vista
Collapse this imageExpand this image
Download
Download the update package now.
All supported x86-based versions of Windows Server 2008
Collapse this imageExpand this image
Download
Download the update package now.
All supported x64-based versions of Windows Server 2008
Collapse this imageExpand this image
Download
Download the update package now.
All supported IA-64-based versions of Windows Server 2008
Collapse this imageExpand this image
Download
Download the update package now.
For more information about how to download Microsoft support files, click the following article number to view the article in the Microsoft Knowledge Base:
119591 How to obtain Microsoft support files from online services
Microsoft scanned this file for viruses. Microsoft used the most current virus-detection software that was available on the date that the file was posted. The file is stored on security-enhanced servers that help prevent any unauthorized changes to the file.

Prerequisites

To apply this update, you must be running one of the following operating systems:
  • Windows XP Service Pack 3 (SP3)
  • Windows Vista Service Pack 1 (SP1)
  • Windows Vista Service Pack 2 (SP2)
  • Windows Server 2008
  • Windows Server 2008 Service Pack 2 (SP2)
For more information about how to obtain a Windows XP service pack, click the following article number to view the article in the Microsoft Knowledge Base:
322389 How to obtain the latest Windows XP service pack
For more information about how to obtain a Windows Vista service pack, click the following article number to view the article in the Microsoft Knowledge Base:
935791 How to obtain the latest Windows Vista service pack
For more information about how to obtain a Windows Server 2008 service pack, click the following article number to view the article in the Microsoft Knowledge Base:
968849 How to obtain the latest service pack for Windows Server 2008

Registry information

To use the update in this package, you do not have to make any changes to the registry.

Restart requirement

You may have to restart the computer after you apply this update.

Update replacement information

This update does not replace a previously released update.

For more information about software update terminology, click the following article number to view the article in the Microsoft Knowledge Base:
824684 Description of the standard terminology that is used to describe Microsoft software updates

Properties

Article ID: 2541763 - Last Review: July 8, 2011 - Revision: 4.0
APPLIES TO
  • Microsoft Windows XP Home Edition
  • Microsoft Windows XP Professional
  • Microsoft Windows XP Starter Edition
  • Windows Vista Business
  • Windows Vista Business 64-bit Edition
  • Windows Vista Enterprise
  • Windows Vista Enterprise 64-bit Edition
  • Windows Vista Home Basic
  • Windows Vista Home Basic 64-bit Edition
  • Windows Vista Home Premium
  • Windows Vista Home Premium 64-bit Edition
  • Windows Vista Starter
  • Windows Vista Ultimate
  • Windows Vista Ultimate 64-bit Edition
  • Windows Server 2008 Datacenter
  • Windows Server 2008 Datacenter without Hyper-V
  • Windows Server 2008 Enterprise
  • Windows Server 2008 Enterprise without Hyper-V
  • Windows Server 2008 for Itanium-Based Systems
  • Windows Server 2008 Foundation
  • Windows Server 2008 Standard
  • Windows Server 2008 Standard without Hyper-V
  • Windows Web Server 2008
Keywords: 
kbfix kbsurveynew kbexpertiseinter atdownload KB2541763

Give Feedback

 

Contact us for more help

Contact us for more help
Connect with Answer Desk for expert help.
Get more support from smallbusiness.support.microsoft.com