Article ID: 929708 - View products that this article applies to.
Important This article contains information that shows you how to help lower security settings or how to turn off security features on a computer. You can make these changes to work around a specific problem. Before you make these changes, we recommend that you evaluate the risks that are associated with implementing this workaround in your particular environment. If you implement this workaround, take any appropriate additional steps to help protect the computer.
Consider the following scenario. The network is running a Cisco PIX 515E firewall. A user tries to access a Web page in Windows Internet Explorer 7 by using Security Sockets Layer (SSL) from a computer that is running Windows Vista. However, the user receives the following error message:
This issue does not occur if the user tries to access the same Web page from a computer that is running Microsoft Windows XP Service Pack 2 (SP2).
Internet Explorer cannot display the webpage
This issue occurs if the network is running Cisco PIX 515E firewall version 6.3(5). This particular version of the Cisco PIX 515E firewall is configured to use SSL cipher suites that support only DES encryption. By default, cipher suites that use DES encryption are turned off in Windows Vista. Therefore, a user cannot establish a SSL connection because a common cipher suite cannot be negotiated between Windows Vista and the firewall.
Upgrade deployments of Cisco PIX 515E firewall version 6.3(5) to a version that offers cryptographic support that is stronger than 56-bit DES. Contact Cisco to inquire about the availability of an update for the Cisco PIX 515E firewall that supports SSL with cipher suites that use 3DES encryption. For more information, visit the following Cisco Web site:
http://www.cisco.com/Microsoft provides third-party contact information to help you find technical support. This contact information may change without notice. Microsoft does not guarantee the accuracy of this third-party contact information.
Warning This workaround may make a computer or a network more vulnerable to attack by malicious users or by malicious software such as viruses. We do not recommend this workaround but are providing this information so that you can implement this workaround at your own discretion. Use this workaround at your own risk.
If an upgrade is not possible, use Group Policy to enable 56-bit DES cipher suites in Windows Vista. This procedure is not intended as a long-term solution. Use this procedure only as a temporary workaround.
To enable 56-bit DES cipher suites in Windows Vista, follow these steps:
Article ID: 929708 - Last Review: March 15, 2007 - Revision: 1.2