Error message when a user tries to access a Web page by using SSL from a Windows Vista-based computer on a network that uses a Cisco PIX 515E firewall: "Internet Explorer cannot display the webpage"

Consider the following scenario. The network is running a Cisco PIX 515E firewall. A user tries to access a Web page in Windows Internet Explorer 7 by using Security Sockets Layer (SSL) from a computer that is running Windows Vista. However, the user receives the following error message:This issue does not occur if the user tries to access the same Web page from a computer that is running Microsoft Windows XP Service Pack 2 (SP2).

This issue occurs if the network is running Cisco PIX 515E firewall version 6.3(5). This particular version of the Cisco PIX 515E firewall is configured to use SSL cipher suites that support only DES encryption. By default, cipher suites that use DES encryption are turned off in Windows Vista. Therefore, a user cannot establish a SSL connection because a common cipher suite cannot be negotiated between Windows Vista and the firewall.

Upgrade deployments of Cisco PIX 515E firewall version 6.3(5) to a version that offers cryptographic support that is stronger than 56-bit DES. Contact Cisco to inquire about the availability of an update for the Cisco PIX 515E firewall that supports SSL with cipher suites that use 3DES encryption. For more information, visit the following Cisco Web site: Microsoft provides third-party contact information to help you find technical support. This contact information may change without notice. Microsoft does not guarantee the accuracy of this third-party contact information.

Warning This workaround may make a computer or a network more vulnerable to attack by malicious users or by malicious software such as viruses. We do not recommend this workaround but are providing this information so that you can implement this workaround at your own discretion. Use this workaround at your own risk.

If an upgrade is not possible, use Group Policy to enable 56-bit DES cipher suites in Windows Vista. This procedure is not intended as a long-term solution. Use this procedure only as a temporary workaround.

To enable 56-bit DES cipher suites in Windows Vista, follow these steps:

1. Click Start
   Collapse this imageExpand this image

   
   , type gpedit.msc in the Start Search box, and then click gpedit in the Programs list.
   
   
   Collapse this imageExpand this image

   
   If you are prompted for an administrator password or confirmation, type your password or click Continue.
2. Under Computer Configuration in Group Policy Object Editor, expand Administrative Templates, expand Network, expand SSL Configuration Settings, and then click SSL Cipher Suite Order.
3. Review, and then follow the instructions that are displayed on the screen for how to enable SSL cipher suites.

The third-party products that this article discusses are manufactured by companies that are independent of Microsoft. Microsoft makes no warranty, implied or otherwise, about the performance or reliability of these products.