INFO: Encryption/Decryption Support for SSL/SSPI on Windows NT 4.0


As of Microsoft Windows NT 4.0 Service Pack 4 (SP4), Windows NT 4.0 supports Secure Socket Layer (SSL) and Transport Layer Security (TLS) Encryption and Authentication through the Security Support Provider Interface (SSPI).


Before the release of SP4 for Windows NT 4.0, the SSPI EncryptMessage and DecryptMessage functions were not supported by the SSL/TLS Security Support Provider. Attempts to call these functions generate error code SEC_E_NOT_SUPPORTED. After you install SP4 or later on Windows NT 4.0, the EncryptMessage and DecryptMessage functions are supported for the SSL/TLS protocols. Microsoft Windows 2000 includes support for SSL/TLS Encryption and Decryption.

Although the EncryptMessage and DecryptMessage functions are supported for the SSL/TLS protocols as of SP4, installing certificates from Microsoft Certificate Server is much easier with Internet Explorer 4.0, because of the ability of Internet Explorer 4.0 to run the Certificate Enrollment control that is published by Certificate Server. For this reason it is preferable for platforms that use the SSL/TLS protocols to have Internet Explorer 4.0 or greater installed.

Internet Explorer 5.01 has a known issue regarding an incorrect internal key. For additional information, click the article number below
to view the article in the Microsoft Knowledge Base:

247367 Programs and Services that Use SSL or SSPI May Not Work After You Install Internet Explorer 5.01

By design, certificates for use with the SSL/TLS protocols on Windows 95, Windows 98, Windows Millennium Edition, and Microsoft Windows NT 4.0 must have private keys marked as exportable. When this is not the case the SSPI functions InitializeSecurityContext or AcceptSecurityContext will fail with:
0x80090304 - SEC_E_INTERNAL_ERROR.
Windows 2000 SSL/TLS protocols do not have this requirement.


For more information on using SSL/TLS through SSPI, see the SSPI overview, and the WebClient and WebServer samples in the Microsoft Platform SDK.

Artikelnummer: 275592 – Letzte Überarbeitung: 14.02.2017 – Revision: 1