Notice: This website is an unofficial Microsoft Knowledge Base (hereinafter KB) archive and is intended to provide a reliable access to deleted content from Microsoft KB. All KB articles are owned by Microsoft Corporation. Read full disclaimer for more details.

Error message when an application connects to a Web listener that is published by using ISA Server 2004 or by using ISA Server 2006: "Error Code: 403 Forbidden The page requires 128-bit encryption, an enhanced security mechanism"


View products that this article applies to.

Symptoms

Consider the following scenario:
  • In Microsoft Internet Security and Acceleration (ISA) Server 2004 or in ISA Server 2006, you configure a Web listener to accept Secure Sockets Layer (SSL) connections.
  • You configure the Web Publishing rule as "Require 128-bit encryption for HTTPS traffic."
  • The client application connects to the Web listener by using 40-bit encryption.
In this scenario, the client is authenticated, and then you receive the following error message from the ISA server:
Error Code: 403 Forbidden. The page requires 128-bit encryption, an enhanced security mechanism. To view the page contents, use a browser that supports this enhanced encryption (12212).

↑ Back to the top


Cause

This issue occurs because the ISA Server rules engine evaluates authentication requirements before it evaluates encryption level requirements.

↑ Back to the top


Workaround

To work around this issue, disable any algorithm that has a cipher strength that is lower than 128 bits at the operating system level on the ISA server. For more information about how to do this, click the following article number to view the article in the Microsoft Knowledge Base:
245030 How to restrict the use of certain cryptographic algorithms and protocols in Schannel.dll

Note After you change the encryption settings by using the method that is mentioned in Microsoft Knowledge Base article 245030, a client that does not use 128-bit encryption will not receive the error message that is mentioned in the "Symptoms" section. Instead, the client will encounter a generic failure of the SSL connection.

↑ Back to the top


Status

Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.

↑ Back to the top


Keywords: KB953994, kbprb, kbtshoot, kbexpertiseinter, kbarchive, kbnosurvey

↑ Back to the top

Article Info
Article ID : 953994
Revision : 1
Created on : 1/15/2015
Published on : 1/15/2015
Exists online : False
Views : 348