Sign in with Microsoft
Sign in or create an account.
Hello,
Select a different account.
You have multiple accounts
Choose the account you want to sign in with.

Warning: The retired, out-of-support Internet Explorer 11 desktop application has been permanently disabled through a Microsoft Edge update on certain versions of Windows 10. For more information, see Internet Explorer 11 desktop app retirement FAQ.

INTRODUCTION

In certain situations, TLS/SSL handshake messages become too large to be contained in a single packet. In these situations, some third-party implementations of the TLS/SSL protocol fragment the messages before they are sent. However, the Microsoft implementation of the TLS/SSL protocol cannot parse fragmented messages. Therefore, Windows Internet Explorer on a computer that is running Windows Vista or Windows Server 2008 cannot connect to servers that use a third-party TLS/SSL protocol. Additionally, you receive the following error message when you try to connect to such a server.

The page cannot be displayed.

More Information

Update information

This update enables the Windows Vista and Windows Server 2008 Microsoft implementation of the TLS/SSL protocol to successfully parse fragmented messages that are sent by a third-party implementation of the TLS/SSL protocol.

After you install the update, you can use registry keys to configure the maximum size of a fragmented message that the Microsoft implementation of the TLS/SSL protocol can parse. You can also use these registry keys to prevent the Microsoft implementation of the TLS/SSL protocol from processing fragmented messages.

The following information applies to this update. For information about newer versions of Windows, see TLS Registry Settings.
To configure how the Microsoft implementation of the TLS/SSL protocol handles fragmented TLS/SSL messages, create the appropriate registry key for you environment under the following registry subkey:

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\SecurityProviders\Schannel\Messaging\

On a client computer

  • Registry key: MessageLimitClient

  • Type: REG_DWORD

  • Value:

    • Null

      If you do not create this registry entry, the maximum allowed size of a fragmented message is 0x8000 bytes.

    • 0x0

      If you set the value to 0x0, fragmented message are not processed.

    • Between 0x0 and 0x8000

      If you set a value between 0x0 and 0x8000, the value indicates the maximum allowed size (in bytes) of a fragmented message.

    • Greater than 0x8000

      If you set a value greater than 0x8000, the maximum allowed size of a fragmented message is 0x8000 bytes.

On a server that does not use client authentication

  • Registry key: MessageLimitServer

  • Type: REG_DWORD

  • Value:

    • Null

      If you do not create this registry entry, the maximum allowed size of a fragmented message is 0x4000 bytes.

    • 0x0

      If you set the value to 0x0, fragmented message are not processed.

    • Between 0x0 and 0x4000

      If you set a value between 0x0 and 0x4000, the value indicates the maximum allowed size (in bytes) of a fragmented message.

    • Greater than 0x4000

      If you set a value greater than 0x4000, the maximum allowed size of a fragmented message is 0x4000 bytes.

On a server that uses client authentication

  • Registry key: MessageLimitServerClientAuth

  • Type: REG_DWORD

  • Value:

    • Null

      If you do not create this registry entry, the maximum allowed size of a fragmented message is 0x8000 bytes.

    • 0x0

      If you set the value to 0x0 and the value of the MessageLimitServer registry entry to 0x0, fragmented messages are not processed. Otherwise, the value of the MessageLimitServer registry entry indicates the maximum allowed size of a fragmented message.

    • Between 0x0 and 0x8000

      If you set a value between 0x0 and 0x8000, the maximum allowed size of a fragmented message is calculated by using the following formula:

      max(MessageLimitServerClientAuth, MessageLimitServer)

    • Greater than 0x8000

      If you set a value greater than 0x8000, the maximum allowed size of a fragmented message is 0x8000 bytes (if the MessageLimitServer registry entry is not set to be a value of 0x0).

How to obtain this update

The files are available for download from the Microsoft Update Catalog.

For more information about how to download Microsoft support files, click the following article number to view the article in the Microsoft Knowledge Base:

119591 How to obtain Microsoft support files from online services Microsoft scanned this file for viruses. Microsoft used the most current virus-detection software that was available on the date that the file was posted. The file is stored on security-enhanced servers that help prevent any unauthorized changes to the file.

Prerequisites

To apply this update, you must be running one of the following operating systems:

  • Windows Vista Service Pack 1 (SP1)

  • Windows Vista Service Pack 2 (SP2)

  • Windows Server 2008

  • Windows Server 2008 Service Pack 2 (SP2)

For more information about how to obtain a Windows Vista service pack, click the following article number to view the article in the Microsoft Knowledge Base:

935791 How to obtain the latest Windows Vista service pack
  For more information about how to obtain a Windows Server 2008 service pack, click the following article number to view the article in the Microsoft Knowledge Base:

968849 How to obtain the latest service pack for Windows Server 2008
 

Registry information

To use the update in this package, you do not have to make any changes to the registry.

Restart requirement

You may have to restart the computer after you apply this update.

Update replacement information

This update does not replace a previously released update.

For more information about software update terminology, click the following article number to view the article in the Microsoft Knowledge Base:

824684 Description of the standard terminology that is used to describe Microsoft software updates
 

Need more help?

Want more options?

Explore subscription benefits, browse training courses, learn how to secure your device, and more.

Communities help you ask and answer questions, give feedback, and hear from experts with rich knowledge.

Was this information helpful?

What affected your experience?
By pressing submit, your feedback will be used to improve Microsoft products and services. Your IT admin will be able to collect this data. Privacy Statement.

Thank you for your feedback!

×