Can't Connect to an SSL Secure Session from Windows Vista

PASSPORT Knowledge Base
Configuration

Date Published: October 25, 2007

Date Updated: March 3, 2008

Title

Product

PASSPORT PC to Host, PASSPORT Web to Host

Emulation Types

TN3270, TN5250

Issue

I can't connect to an SSL enabled PASSPORT session from Windows Vista.

Solution

If you cannot get a PASSPORT SSL session to connect from a Windows Vista PC, it is possible that your host is only configured to use the DES cipher suite for secure connection. By default, Windows Vista disables this feature for security purposes. You will need to either re-configure SSL on your host to use a different cipher suite, or follow the steps below to enable the DES cipher suite on your Windows Vista PC to allow PASSPORT to work:

Go to Start Menu, and type gpedit.msc in the Start Search and press <ENTER>. There might be a UAC elevation prompt. Just allow the action and proceed with the next step.
Under Computer Configuration in Group Policy Object Editor, expand Administrative Templates, expand Network, expand SSL Configuration Settings, and then double-click SSL Cipher Suite Order.
Select Enable and append TLS_RSA_WITH_DES_CBC_SHA,SSL_RSA_WITH_DES_CBC_SHA, at the beginning of the pre-populated string value. (Beware of the ending comma and there should not be any embedded space inside the string).
Click OK and restart your computer. (Note: gpupdate command will update the Group Policy settings but reconfiguration of SChannel.dll requires restart.)

More Information

Windows Vista support added in PASSPORT PC to Host version 2007-914 and PASSPORT Web to Host version 2007-1228

Keywords

ssl, secure, security, windows, vista

PASSPORT Knowledge Base Configuration