DOCUMENT:Q148427
TITLE   :Generic SSL (PCT/TLS) Updates for IIS and Microsoft Internet Products
PRODUCT :IIS | Windows NT | Site Server | Exchange
PROD/VER:3.0 | 4.0 | 3.0 | 5.0, 5.5
OPER/SYS:WINDOWS NT
KEYWORD :iissecurity kbfile kbinterop

--------------------------------------------------------------------------
The information in this article applies to:

 - Microsoft Windows NT Server version 4.0 with Service Pack 3
 - Microsoft Windows NT Server, Enterprise Edition version 4.0
 - Microsoft Internet Information Server versions 3.0 and 4.0
 - Microsoft Site Server 3.0 Commerce Edition 
 - Microsoft Site Server, Enterprise Edition 
 - Microsoft Exchange Server 5.0 and 5.5
--------------------------------------------------------------------------

SUMMARY
=======

On July 17, 1998 Microsoft released an updated version of Schannel.dll.
This latest version provides the following benefits:

 - Resolves the vulnerability in SSL (Secure Sockets Layer) discovered by
   Daniel Bleichenbacher of Bell Labs. For more information, please see the
   following Microsoft Security Bulletin at:

      http://www.microsoft.com/security/bulletins/ms98-002.htm

 - Banks outside the U.S. and Canada can now use extremely strong 128-bit
   encryption.

 - Eliminates the need for separate SGC and non-SGC versions of
   Schannel.dll.

 - Corrects the "Bad Password" error message documented in the following
   article in the Microsoft Knowledge Base:

      ARTICLE-ID: Q179550
      TITLE     : Installing a Certificate in IIS May Result in Bad
                  Password Error

 - Includes an updated version of Sgcinst.exe that corrects the problem
   where SGCINST appears to execute but SGC does not work. For more
   information, please see the following article in the Microsoft Knowledge
   Base:

      ARTICLE-ID: Q180018
      TITLE     : SGCINST.EXE Appears to Execute but SGC Does Not Work

For more information on the Server Gated Cryptography (SGC), please go 
to the following Microsoft web site:

   http://www.microsoft.com/security/sgc/

MORE INFORMATION
================

Schannel.dll has been posted to the following Internet location:

   ftp://ftp.microsoft.com/bussys/winnt/winnt-public/fixes/usa/NT40/hotfixes-postSP3/ssl-fix/

Residents of the US and Canada can download the North American (128-bit)
version of Schannel.dll from:

   http://mssecure.www.conxion.com/cgi-bin/ntitar.pl

Additional query words: 4.00 sp3 3.00 iis international banking win95 ie
internet explorer 3.02 4.01 "adaptive chosen cyphertext" cryptoanalysis
SSL2 PCT1 SSL3 TLS1
============================================================================

THE INFORMATION PROVIDED IN THE MICROSOFT KNOWLEDGE BASE IS
PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND.  MICROSOFT DISCLAIMS
ALL WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING THE WARRANTIES
OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.  IN NO
EVENT SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS BE LIABLE FOR
ANY DAMAGES WHATSOEVER INCLUDING DIRECT, INDIRECT, INCIDENTAL,
CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL DAMAGES, EVEN IF
MICROSOFT CORPORATION OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE
POSSIBILITY OF SUCH DAMAGES.  SOME STATES DO NOT ALLOW THE EXCLUSION
OR LIMITATION OF LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES
SO THE FOREGOING LIMITATION MAY NOT APPLY.