Cannot Connect to Web Sites That Require SSL 3.0

When you use Internet Explorer on the operating systems listed at the beginning of this article, you cannot connect to some Web sites. For example, if you try to connect to https://www.microsoft.com, you may receive the following error message:The bottom of the error page may display "Cannot find server or DNS error."

This problem may occur if the target Web site requires a Secure Sockets Layer (SSL) 3.0 connection. On a site that requires an SSL 3.0 connection, any try to connect that does not meet the requirements of SSL 3.0 is denied by the Web site.

When Internet Explorer initiates an SSL 3.0 connection it sends a ClientHello message to the server. Part of the ClientHello message includes a section named RandomData. The SSL 3.0 specification requires that the first four bytes of the RandomData section sent by Internet Explorer must contain the client time stamp in "Unix Time" format. In all versions of Internet Explorer on Windows versions before Microsoft Windows XP, the Schannel.dll file only passes random data instead of a time stamp.

To see SSL 3.0 and Transport Layer Security protocol (TLS) SSL 3.0 documentation, visit the following Netscape Web site: The most recent Draft SSL 3.0 specification is an Internet Draft that is dated November 1996. It is a proprietary protocol and not an internet draft or standard. TLS 1.0 was an IETF draft and is a Proposed standard. To review information on the IETF's proposed timestamp standard, visit the following Web site and the locate section "7.4.1.2": Review the information on "Client hello" and "gmt_unix_time." Gmt_unix_time is the current time and date in standard UNIX 32-bit format (seconds since the midnight starting January 1, 1970, GMT) according to the sender's internal clock. Clocks are NOT REQUIRED to be set correctly by the basic TLS Protocol; higher level or application protocols may define additional requirements.

To resolve this problem, obtain the latest service pack for Windows 2000. For additional information, click the following article number to view the article in the Microsoft Knowledge Base:

Microsoft has confirmed that this is a problem in the Microsoft products that are listed at the beginning of this article. This problem was first corrected in Windows 2000 Service Pack 3.