When you connect by using a Secure Sockets Layer (SSL) session with Microsoft Internet Explorer, the SSL session is renegotiated every two minutes. You are generally not aware of this behavior, but it may be noticeable if you are using basic authentication over the SSL connection. In this case, the basic authentication dialog box prompts you to supply your credentials every two minutes.
In Microsoft Internet Explorer on Microsoft Windows NT 4.0, the SSL cache time-out interval is set to renegotiate every two minutes. This forces a full SSL handshake. With SSL, either the client or the server can start the renegotiation process. This interval is determined by the shortest SSL time-out value (either on the client or on the server). Since Internet Explorer has a two-minute interval, Internet Explorer forces the renegotiation of the SSL session every two minutes, regardless of the setting on the server.
A supported fix is now available from Microsoft, but it is only intended to correct the problem that is described in this article. Apply it only to computers that are experiencing this specific problem.
To resolve this problem, contact Microsoft Product Support Services to obtain the fix. For a complete list of Microsoft Product Support Services phone numbers and information about support costs, visit the following Microsoft Web site:
NOTE: In special cases, charges that are ordinarily incurred for support calls may be canceled if a Microsoft Support Professional determines that a specific update will resolve your problem. The usual support costs will apply to additional support questions and issues that do not qualify for the specific update in question.
The English version of this fix should have the following file attributes or later:
Date        Version         Size     File name     Platform
09/7/2000   4.86.1964.1877  154,384  Schannel.dll  Intel (40-bit)
09/7/2000   4.87.1964.1877  123,664  Schannel.dll  Intel (128-bit)
This fix requires Internet Explorer 5.01 or later. If you are experiencing this problem in Internet Explorer 5, you must upgrade to Internet Explorer 5.01 or later before you install this hotfix. You must also reapply this hotfix each time that you upgrade Internet Explorer.
Microsoft has confirmed that this is a problem in the Microsoft products that are listed at the beginning of this article.
If you use Registry Editor incorrectly, you may cause serious problems that may require you to reinstall your operating system. Microsoft cannot guarantee that you can solve problems that result from using Registry Editor incorrectly. Use Registry Editor at your own
You can control this behavior on the client by changing a registry setting. As described in the following Microsoft Knowledge Base article, you can add the ClientCacheTime DWORD value. You must add this value on each client computer:
How to Configure Secure Sockets Layer Server and Client Cache Elements
To increase the SSL time-out value:
- Start Registry Editor (Regedt32.exe).
- Locate and click the following key in the registry:
- On the Edit menu, click Add Value.
- Type ClientCacheTime, click the REG_DWORD data type, and then click OK.
- In the Data box, type a decimal value in milliseconds, and then click OK.
The value is calibrated in milliseconds. The default value is "120000" (two minutes). The keys are not displayed in the registry unless you change them from their default values. A value of "0" disables secure connection caching.
The key locations and values apply to all versions of the Schannel.dll file. Keep the interval on the server short for better management of the overall size of the Schannel cache.
NOTE: This problem does not occur in Microsoft Windows 2000 and Microsoft Windows Millennium Edition.
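The following added example (not part of the original article and not Schannel code) models the timing rule described above: a cached session lasts for the shorter of the client and server time-outs, an unset ClientCacheTime means 120000 ms, and 0 disables caching. It counts how many connections in a constructed timeline need a full handshake, which is the point at which the article says the basic authentication dialog box reappears. The function names, the sample timeline, the server values and the rule that an entry's age is counted from the handshake that created it are assumptions.

```python
# Added illustration: a model of the cache timing the article describes.
DEFAULT_CACHE_MS = 120000   # article: default ClientCacheTime (two minutes)
DWORD_MAX = 0xFFFFFFFF      # largest value a REG_DWORD can hold


def effective_lifetime_ms(client_ms, server_ms):
    """Lifetime of a cached SSL session in milliseconds.

    client_ms=None means ClientCacheTime is not set, so the default applies.
    The shorter of the two time-outs wins; 0 on either side disables caching.
    """
    client = DEFAULT_CACHE_MS if client_ms is None else client_ms
    for value in (client, server_ms):
        if not 0 <= value <= DWORD_MAX:
            raise ValueError("time-out must fit in a REG_DWORD (0..4294967295)")
    return min(client, server_ms)


def full_handshakes(connect_times_ms, client_ms, server_ms):
    """Return the connection times that require a full SSL handshake."""
    lifetime = effective_lifetime_ms(client_ms, server_ms)
    full, cached_at = [], None
    for t in sorted(connect_times_ms):
        # Assumption: an entry's age is counted from the full handshake
        # that created it, not from the last time it was reused.
        if lifetime == 0 or cached_at is None or t - cached_at >= lifetime:
            full.append(t)
            cached_at = t
    return full


# Constructed sample: one new connection every 30 seconds for 10 minutes.
TIMELINE = list(range(0, 600001, 30000))

if __name__ == "__main__":
    cases = [
        ("ClientCacheTime unset, server 10 min", None, 600000),
        ("ClientCacheTime 600000, server 10 min", 600000, 600000),
        ("ClientCacheTime 600000, server 2 min", 600000, 120000),
        ("ClientCacheTime 0 (caching disabled)", 0, 600000),
    ]
    for label, client, server in cases:
        count = len(full_handshakes(TIMELINE, client, server))
        print(f"{label}: {count} full handshakes in 10 minutes")
```

The third case shows why raising ClientCacheTime alone has no effect when the server time-out is the shorter of the two.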