Setting Encryption Strength

You can configure your Web server to require a 128-bit minimum session-key strength, rather than the default 40-bit key strength, for all SSL/PCT secure communication sessions. If you set a minimum 128-bit key strength, however, users attempting to establish a secure communications channel with you server must use a browser capable of communicating with a 128-bit session-key.

Important   

• Due to export restrictions, the 128-bit key strength encryption feature is available only in the United States and Canada. For information about upgrading to128-bit encryption capability, available with the Windows NT Server North American Service Pack 2.0, visit the Windows NT Server support Web site at http://www.microsoft.com/NTServerSupport.
• When you set security properties for a specific Web site, you automatically set the same security properties for directories and files belonging to that site, unless the security properties of the individual directories and files have been previously set.
• Your Web server will prompt you for permission to reset the properties of individual directories and files when you attempt to set security properties for your Web site. If you choose to reset these properties, your previous security settings will be replaced by the new settings. The same condition applies when you set security properties for a directory containing subdirectories or files with previously set security properties. For more information about setting properties, see Properties and Inheritance of Properties on Sites in About Web Sites.

Note   You cannot establish secure, encrypted communications unless you have installed a valid server certificate. See Creating and Managing Key Pairs and Obtaining a Server Certificate for more information.


1. In Internet Service Manager, select a Web site, directory, or file, and open its property sheets.
2. If you have not previously created a server key pair and certificate request, select the Directory Security or File Security property sheet, under Secure Communications, click Key Manager. For procedural information about using Key Manager, see Creating and Managing Server Key Pairs.
3. If you have previously created a server key pair and certificate request, select the Directory Security or File Security property sheet, under Secure Communications, click Edit.
4. In the Secure Communications dialog box, select the Require Secure Channel when accessing this resource check box, then click Encryption Settings.
5. In the Encryption Settings dialog box, select Require 128-bit Encryption.
6. Click OK.

Note   The session key is not the same as SSL/PCT key pair file, which is used for negotiating and establishing a secure communication link.

© 1997 by Microsoft Corporation. All rights reserved.