Re: ISC_RET_xxx and ASC_RET_xxx bits

• Previous message: stephane_dev: "Using local and remote subauthentication packages (msv1_0, kerberos)"
• In reply to: Rhett Gong [MSFT]: "Re: ISC_RET_xxx and ASC_RET_xxx bits"
• Next in thread: Rhett Gong [MSFT]: "Re: ISC_RET_xxx and ASC_RET_xxx bits"
• Reply: Rhett Gong [MSFT]: "Re: ISC_RET_xxx and ASC_RET_xxx bits"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Tue, 26 Jul 2005 06:38:26 -0400

No, you misunderstand.

Yes, I realize the ISC_REQ_CONFIDENTIALITY has to be requested by both sides. My point is that when both sides request
ISC_REQ_CONFIDENTIALITY and the SSL handshake completes with an OK (final calls), the ISC_RET_CONFIDENTIALITY bit is not set, yet
EncryptMessage and DecryptMessage work.

When I say "quit working", I mean that about 6-9 months ago, this code was written and tested on a 2000 server with SP4. At that
point, the ISC_RET_CONFIDENTIALITY bit was returned. Now, with 2000 server SP4 plus recent roll-up, that bit is not returned. I
also believe that the bit is not being returned on a 2003 SP1.

Does your example program actaully request encryption and the dump the resulting bits?

On Tue, 26 Jul 2005 07:29:25 GMT, v-raygon@online.microsoft.com (Rhett Gong [MSFT]) wrote:

>>Bottom line, is that ISC_RET_CONFIDENTIALITY is missing.
>You just request ISC_RET_CONFIDENTIALITY in the call, since whether ISC_RET_CONFIDENTIALITY is returned or not
>depends on the result from the negotiation, there is no guarantee that you will receive this flag, if client/server does not prefer.
>
>You said it stopped working while ISC return OK, could you post what subsequent call fails and what error it reports? In
>addition, have you tested the SDK sample, what result you get?
>
>Thanks,
>Rhett Gong [MSFT]
>Microsoft Online Partner Support
>Get Secure! - www.microsoft.com/security
>http://support.microsoft.com/default.aspx?scid=/servicedesks/msdn/nospam.asp&SD=msdn
>
>This posting is provided "AS IS" with no warranties and confers no rights.

-------------------------------------------
Roy Chastain
KMSYS Worldwide, Inc.
http://www.kmsys.com

• Previous message: stephane_dev: "Using local and remote subauthentication packages (msv1_0, kerberos)"
• In reply to: Rhett Gong [MSFT]: "Re: ISC_RET_xxx and ASC_RET_xxx bits"
• Next in thread: Rhett Gong [MSFT]: "Re: ISC_RET_xxx and ASC_RET_xxx bits"
• Reply: Rhett Gong [MSFT]: "Re: ISC_RET_xxx and ASC_RET_xxx bits"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]