Article ID: 265369 - Last Review: January 27, 2007 - Revision: 1.5
Internet Explorer Renegotiates Secure Sockets Layer Connection Every Two Minutes
This article was previously published under Q265369
IMPORTANT: This article contains information about modifying the registry. Before you modify the registry, make sure to back it up and make sure that you understand how to restore the registry if a problem occurs. For information about how to back up, restore, and edit the registry, click the following article number to view the article in the Microsoft Knowledge Base:
256986 (http://support.microsoft.com/kb/256986/EN-US/) Description of the Microsoft Windows Registry
SYMPTOMS
When you connect by using a Secure Sockets Layer (SSL) session with Microsoft Internet Explorer, the SSL session is renegotiated every two minutes. You are generally not aware of this behavior, but it may be noticeable if you are using basic authentication over the SSL connection. In this case, the basic authentication dialog box prompts you to supply your credentials every two minutes.
CAUSE
In Microsoft Internet Explorer on Microsoft Windows NT 4.0, the SSL cache time-out interval is two minutes, so the SSL session is renegotiated every two minutes. Each renegotiation forces a full SSL handshake. With SSL, either the client or the server can start the renegotiation process, so the effective interval is determined by the shortest SSL time-out value (either on the client or on the server). Because Internet Explorer has a two-minute interval, Internet Explorer forces the renegotiation of the SSL session every two minutes, regardless of the setting on the server.
RESOLUTION
A supported fix is now available from Microsoft, but it is only intended to correct the problem that is described in this article. Apply it only to computers that are experiencing this specific problem. To resolve this problem, contact Microsoft Product Support Services to obtain the fix. For a complete list of Microsoft Product Support Services phone numbers and information about support costs, visit the following Microsoft Web site:
http://support.microsoft.com/default.aspx?scid=fh;EN-US;CNTACTMS
NOTE: In special cases, charges that are ordinarily incurred for support calls may be canceled if a Microsoft Support Professional determines that a specific update will resolve your problem. The usual support costs will apply to additional support questions and issues that do not qualify for the specific update in question.
The English version of this fix should have the following file attributes or later:
   Date       Version         Size     File name     Platform
   -----------------------------------------------------------------
   09/7/2000  4.86.1964.1877  154,384  Schannel.dll  Intel (40-bit)
   09/7/2000  4.87.1964.1877  123,664  Schannel.dll  Intel (128-bit)
STATUS
Microsoft has confirmed that this is a problem in the Microsoft products that are listed at the beginning of this article.
MORE INFORMATION
WARNING: If you use Registry Editor incorrectly, you may cause serious problems that may require you to reinstall your operating system. Microsoft cannot guarantee that you can solve problems that result from using Registry Editor incorrectly. Use Registry Editor at your own risk.
You can control this behavior on the client by changing a registry setting. As described in the following Microsoft Knowledge Base article, you can add the ClientCacheTime DWORD value. You must add this value on each client computer:
247658 (http://support.microsoft.com/kb/247658/EN-US/) How to Configure Secure Sockets Layer Server and Client Cache Elements
To increase the SSL time-out value:
The key locations and values apply to all versions of the Schannel.dll file. Keep the interval on the server short for better management of the overall size of the Schannel cache.
NOTE: This problem does not occur in Microsoft Windows 2000 and Microsoft Windows Millennium Edition.
