Re: OutlookXP defaults to 40-bit encryption
From: Michel Gallant (MVP) (neutron@istar.ca)
Date: 11/24/02
- In reply to: John Banes [MS]: "Re: OutlookXP defaults to 40-bit encryption"
Date: Sun, 24 Nov 2002 17:04:07 -0500 From: "Michel Gallant (MVP)" <neutron@istar.ca>
From the limited material I have read, if Outlook Express receives a signed
email with the "SMimeCapabilities" attribute included in the S-MIME signed
pkcs7 block, then OE will use the first listed encryption preference (if it is available
on the current platform). Other S-MIME capable clients may or may not
use that attribute. The details of how S-MIME clients "must, should and can" behave
are specified in great detail in:
RFC 2311 "S-MIME Version 2 Message Specification"
As an example, when I send a signed mail using my Verisign personal
cert. from Netscape Messenger, it specifies 3DES as the first SMimeCapabilities
item, which if received by OE, OE will use to encrypt with 3DES to my email identity.
It would be very useful to have a nice updated list of the various available
S-MIME capable clients and if/how they implement this encryption-preference functionality.
There is an on-going discussion of closely related information in the
CAPICOM mail-list.
Hope this helps.
- Michel Gallant
MVP Security
http://pages.istar.ca/~neutron
"John Banes [MS]" wrote:
> Outlook does not use schannel to encrypt email messages, so changing these
> registry entries will have no effect, except to possibly mess up your SSL
> (and HTTPS) configuration. Not something I would recommend.
>
> My understanding of Outlook is somewhat limited, but I've heard that Outlook
> won't encrypt messages using 128-bit encryption until it's received a
> message from the recipient that indicates that their mail client supports
> 128-bit encryption.
>
> --
> Regards,
>
> John Banes
> [Microsoft Security Developer]
>
> This posting is provided "AS IS" with no warranties, and confers no rights.
> Please do not send email directly to this alias. This alias is for newsgroup
> purposes only.
> "Jerry Benton" <jcbenton@atsugi.navy.mil> wrote in message
> news:fd8c01c291e9$890d6880$8af82ecf@TK2MSFTNGXA03...
> At your own risk..... I am not an MS weenie, but I am a
> PKI engineer. Your mileage may vary....
>
> It will take some registry drilling:
>
> HKEY_LOCAL_MACHINE/SYSTEM/CurrentControlSet/Control/SecurityProviders/SCHANNEL
>
> Configure the DWORD hexadecimal value to 0 (zero) for the
> following: <Disabled>
>
> § /Ciphers/NULL
> § /Ciphers/RC2 128/128
> § /Ciphers/RC2 40/128
> § /Ciphers/RC2 56/128
> § /Ciphers/RC4 128/128
> § /Ciphers/RC4 40/128
> § /Ciphers/RC4 56/128
> § /Ciphers/RC4 64/128
> § /Hashes/MD5
> § /Protocols/PCT 1.0/Client
> § /Protocols/PCT 1.0/Server
> § /Protocols/SSL 2.0/Client
> § /Protocols/SSL 2.0/Server
>
> Configure the DWORD hexadecimal value to ffffffff for the
> following: <Enabled>
>
> § /Ciphers/DES 56/56
> § /Ciphers/Triple DES 168/168
> § /Hashes/SHA
> § /Protocols/SSL 3.0/Client
> § /Protocols/SSL 3.0/Server
> § /Protocols/TLS 1.0/Client
> § /Protocols/TLS 1.0/Server
>
> Jerry
>
> >-----Original Message-----
> >I'm using OutlookXP with 128-bit installed in addition to all the updates. In
> >my security settings I set outlook to encrypt with 3DES, but it always seems
> >to go down and encrypt to 40-bit, no matter what I do. I'm using a verisign
> >digital ID. I've searched the groups, and microsoft.com to no avail. Any
> >help is much appreciated.
> >
> >Charles Clayton
> >
> >
> >.
> >
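The preference selection described in the reply above, as an added example that is not part of the original message or of any mail client's code: it decodes a DER-encoded SMIMECapabilities value and picks the first sender-listed algorithm the local side supports. The sample bytes are constructed, the function names are hypothetical, and the RC2/40 fallback when nothing matches is an assumption used to model the downgrade the thread discusses.

```python
OIDS = {"1.2.840.113549.3.7": "3DES", "1.2.840.113549.3.2": "RC2"}
# Constructed sample (not captured mail): 3DES, then RC2/128, then RC2/40.
SAMPLE = bytes.fromhex("302B300A06082A864886F70D0307"
                       "300E06082A864886F70D030202020080"
                       "300D06082A864886F70D0302020128")

def read_tlv(buf, pos):  # returns (tag, value, next_pos) for one DER element
    if pos + 2 > len(buf):
        raise ValueError("truncated DER header")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long-form length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length

def decode_oid(body):
    subids, value = [], 0
    for byte in body:  # base-128 sub-identifiers, high bit means "more follows"
        value = (value << 7) | (byte & 0x7F)
        if not byte & 0x80:
            subids, value = subids + [value], 0
    first = min(subids[0] // 40, 2)
    return ".".join(map(str, [first, subids[0] - 40 * first] + subids[1:]))

def parse_capabilities(der):
    """Return [(algorithm, key_bits_or_None), ...] in the sender's order."""
    tag, body, _ = read_tlv(der, 0)
    if tag != 0x30:
        raise ValueError("SMIMECapabilities must be a SEQUENCE")
    caps, pos = [], 0
    while pos < len(body):
        tag, cap, pos = read_tlv(body, pos)
        oid_tag, oid, after_oid = read_tlv(cap, 0)
        if tag != 0x30 or oid_tag != 0x06:
            raise ValueError("malformed SMIMECapability")
        bits = None
        if after_oid < len(cap):
            ptag, param, _ = read_tlv(cap, after_oid)
            if ptag == 0x02:  # INTEGER parameter, e.g. the RC2 key length
                bits = int.from_bytes(param, "big")
        dotted = decode_oid(oid)
        caps.append((OIDS.get(dotted, dotted), bits))
    return caps

def choose_cipher(caps, supported, fallback=("RC2", 40)):
    """First sender-listed capability we support; else the assumed weak fallback."""
    return next((cap for cap in caps if cap in supported), fallback)
```

With an empty capability list the function returns the weak fallback, which is why a recipient's signed message has to arrive before the stronger cipher is chosen.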