PASSPORT Knowledge Base
Configuration
Date Published: October 25, 2007
Date Updated: March 3, 2008
Title
Can't Connect to an SSL Secure Session from Windows Vista
Product
PASSPORT PC to Host, PASSPORT Web to Host
Emulation Types
TN3270, TN5250
Issue
I can't connect to an SSL enabled PASSPORT session from Windows Vista.
Solution
If you cannot get a PASSPORT SSL session to connect from a Windows Vista PC, it is possible that your host is only configured to use the DES cipher suite for secure connection. By default, Windows Vista disables this feature for security purposes. You will need to either re-configure SSL on your host to use a different cipher suite, or follow the steps below to enable the DES cipher suite on your Windows Vista PC to allow PASSPORT to work:
- Go to Start Menu, and type gpedit.msc in the Start Search and press <ENTER>. There might be a UAC elevation prompt. Just allow the action and proceed with the next step.
- Under Computer Configuration in Group Policy Object Editor, expand Administrative Templates, expand Network, expand SSL Configuration Settings, and then double-click SSL Cipher Suite Order.
- Select Enable and append TLS_RSA_WITH_DES_CBC_SHA,SSL_RSA_WITH_DES_CBC_SHA, at the beginning of the pre-populated string value. (Beware of the ending comma and there should not be any embedded space inside the string).
- Click OK and restart your computer. (Note: gpupdate command will update the Group Policy settings but reconfiguration of SChannel.dll requires restart.)
More Information
Keywords
ssl, secure, security, windows, vista