Cannot Connect to Web Sites That Require SSL 3.0
Article ID: 318815
This article was previously published under Q318815
When you use Internet Explorer on the operating systems listed at the beginning of this article, you cannot connect to some Web sites. For example, if you try to connect to https://www.microsoft.com, you may receive the following error message:
Page cannot be displayed
The bottom of the error page may display "Cannot find server or DNS error."
This problem may occur if the target Web site requires a Secure Sockets Layer (SSL) 3.0 connection. On a site that requires an SSL 3.0 connection, the Web site denies any connection attempt that does not meet the requirements of SSL 3.0.
When Internet Explorer initiates an SSL 3.0 connection, it sends a ClientHello message to the server. Part of the ClientHello message is a section named RandomData. The SSL 3.0 specification requires that the first four bytes of the RandomData section sent by Internet Explorer contain the client time stamp in "Unix Time" format. In all versions of Internet Explorer on Windows versions before Microsoft Windows XP, the Schannel.dll file passes only random data instead of a time stamp.
To see the SSL 3.0 and Transport Layer Security (TLS) protocol documentation, visit the following Netscape Web site:
http://wp.netscape.com/eng/ssl3/
The most recent draft SSL 3.0 specification is an Internet Draft that is dated November 1996. It is a proprietary protocol and not an Internet draft or standard. TLS 1.0 was an IETF draft and is a Proposed Standard. To review information on the IETF's proposed timestamp standard, visit the following Web site, and then locate section "18.104.22.168":
http://www.ietf.org/rfc/rfc2246.txt
Review the information on "Client hello" and "gmt_unix_time." gmt_unix_time is the current time and date in standard UNIX 32-bit format (seconds since the midnight starting January 1, 1970, GMT) according to the sender's internal clock. Clocks are NOT REQUIRED to be set correctly by the basic TLS Protocol; higher level or application protocols may define additional requirements.
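The following added example (not part of the original article and not Microsoft code) parses an SSL 3.0 ClientHello record, reads the first four bytes of the Random field as gmt_unix_time, and shows how a hello that carries only random data differs from one that carries a time stamp. The sample records, the reference time SERVER_NOW, and the one-day tolerance are constructed assumptions; the article does not say how a server evaluates the value.

```python
import struct

SERVER_NOW = 1020000000          # constructed reference time (April 2002)
GOOD_RANDOM = struct.pack(">I", SERVER_NOW - 30) + bytes(range(28))
BAD_RANDOM = bytes.fromhex("9f3c71e2") + bytes(range(28))  # all random data

def build_client_hello(random32: bytes) -> bytes:
    """Build a minimal SSL 3.0 ClientHello record (constructed sample)."""
    if len(random32) != 32:
        raise ValueError("Random must be 32 bytes")
    body = (b"\x03\x00"            # client_version: SSL 3.0
            + random32             # gmt_unix_time (4) + random_bytes (28)
            + b"\x00"              # empty session_id
            + b"\x00\x02\x00\x0a"  # one suite: SSL_RSA_WITH_3DES_EDE_CBC_SHA
            + b"\x01\x00")         # one compression method: null
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x00" + struct.pack(">H", len(handshake)) + handshake

def client_hello_time(record: bytes) -> int:
    """Return gmt_unix_time from the Random field of a ClientHello record."""
    if len(record) < 5:
        raise ValueError("truncated record header")
    ctype, _version, rlen = struct.unpack(">BHH", record[:5])
    if ctype != 0x16:
        raise ValueError("not a handshake record")
    hs = record[5:5 + rlen]
    # Need handshake header (4) + client_version (2) + Random (32).
    if len(hs) != rlen or rlen < 38:
        raise ValueError("truncated handshake")
    if hs[0] != 0x01:
        raise ValueError("not a ClientHello")
    if int.from_bytes(hs[1:4], "big") != rlen - 4:
        raise ValueError("handshake length mismatch")
    # hs[4:6] is client_version; Random starts at offset 6.
    return struct.unpack(">I", hs[6:10])[0]

def looks_like_timestamp(gmt_unix_time: int, now: int, tolerance: int = 86400) -> bool:
    """Assumed check: value lies within `tolerance` seconds of `now`."""
    return abs(gmt_unix_time - now) <= tolerance

if __name__ == "__main__":
    for name, rnd in (("time stamp", GOOD_RANDOM), ("random only", BAD_RANDOM)):
        t = client_hello_time(build_client_hello(rnd))
        print(name, t, looks_like_timestamp(t, SERVER_NOW))
```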
To resolve this problem, obtain the latest service pack for Windows 2000. For additional information, click the following article number to view the article in the Microsoft Knowledge Base:
260910 (http://support.microsoft.com/kb/260910/EN-US/) How to Obtain the Latest Windows 2000 Service Pack
Microsoft has confirmed that this is a problem in the Microsoft products that are listed at the beginning of this article. This problem was first corrected in Windows 2000 Service Pack 3.
Article ID: 318815 - Last Review: May 10, 2007 - Revision: 3.9