Microsoft KB Archive Search

Notice: This website is an unofficial Microsoft Knowledge Base (hereinafter KB) archive and is intended to provide a reliable access to deleted content from Microsoft KB. All KB articles are owned by Microsoft Corporation. Read full disclaimer for more details.

  1. Home
  2. You cannot connect to a server that is running Exchange 2000 Server or Exchange Server 2003 to download e-mail messages when you use IMAP4 or POP3 through a Secure Sockets Layer (SSL) connection

You cannot connect to a server that is running Exchange 2000 Server or Exchange Server 2003 to download e-mail messages when you use IMAP4 or POP3 through a Secure Sockets Layer (SSL) connection

View products that this article applies to.

Symptoms

When you use Internet Message Access Protocol, version 4rev1 (IMAP4) or Post Office Protocol 3 (POP3) through a Secure Sockets Layer (SSL) connection to connect to a server that is running either Exchange 2000 Server or Exchange Server 2003 to download e-mail messages, you cannot connect to the server. Additionally, you may receive an error message that states that the server has unexpectedly closed the connection.

↑ Back to the top

Cause

This problem occurs if the System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing security policy is enabled on the client computer or on the server. When this security policy is enabled, the client or the server requires Federal Information Processing Standard (FIPS)-compliant encryption to be negotiated for programs that use cryptographic services. If this security policy is enabled, the SSL participants are limited to a specific set of cipher suites. These cipher suites are called "block ciphers". Block cipher algorithms include data padding as part of their implementation. This padding is not being correctly handled for the Exchange SSL implementation.

↑ Back to the top

Resolution

To resolve this problem, disable the System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing security policy on the client or on the server if this security policy is not required.

If the System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing security policy is enabled in Local Security Policy, follow these steps.
  1. Click Start, click Run, type secpol.msc, and then click OK.
  2. Expand Local Policies, click Security Options, and then double-click System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing in the right pane.
  3. Click Disabled, and then click OK.
If the System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing security policy is enabled as part of Group Policy, contact the administrator for help.

↑ Back to the top

Status

Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.

↑ Back to the top

More information

For more information, click the following article number to view the article in the Microsoft Knowledge Base:
811833� The effects of enabling the "System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing" security setting in Windows XP and later versions

↑ Back to the top

Keywords: KB904983, kbprb, kbexchpopimapnntp

↑ Back to the top

Article Info
Article ID : 904983
Revision : 3
Created on : 10/25/2007
Published on : 10/25/2007
Exists online : False
Views : 313