Moving this discussion\question to the Technet Forum # re: New Authentication Functionality in Windows Vista @ Wednesday, June 20, 2007 4:22 PM Unfortunately the new AES encryption for SSL/TLS is not compatible with OpenSSL library! Many people experience this problem. http://www.mail-archive.com/openssl-users@openssl.org/msg48968.html http://www.mail-archive.com/openssl-users@openssl.org/msg48968.html # re: New Authentication Functionality in Windows Vista @ Wednesday, June 20, 2007 6:54 PM Interestingly enough - this is an interop issue that we have seen previously. The problem is occurs only in the following scenario: TLS Enabled Client --> SSL3.0 only server The SSL3.0 server responds to a TLS client hello with a SSL3.0 server hello trying to negotiate an AES cipher. Unfortunately AES ciphers were not even defined for SSL3.0 and obviously the client closes the connection. The server in this case is misconfigured to negotiate AES over SSL3.0 This will be a bigger problem if not fixed when TLS 1.2 is implemented and SSL3.0 servers try to negotiate new TLS1.2 ciphersuites like TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256. # re: New Authentication Functionality in Windows Vista @ Friday, June 29, 2007 10:53 AM This seems to be happened in TLS also. I had tried to use SDK sample web server from: C:\Program Files\Microsoft Platform SDK\Samples\Security\SSPI\SSL\WebServer If I connected it with AES128-SHA from client using Microsoft CryptoAPI, it works without any problem. But if I connected it with cipher AES128-SHA from client using openssl, TLS negotiation can success. The WebServer using Microsoft CryptoAPI can not decrypt message from openssl client. However, openssl client can decrypt message from CryptoAPI WebServer. Is the SDK example outdated with Windows Vista? # re: New Authentication Functionality in Windows Vista @ Monday, July 02, 2007 8:59 PM We run a full interop test spectrum with OpenSSL and the implementations have been interoperable for a while now. Could you report the specifics of the failure you are experiencing? The SDK sample should be current as no changes were needed to calling applications to take advantage of AES on Vista\LH. # re: New Authentication Functionality in Windows Vista @ Thursday, July 05, 2007 10:30 AM It was easy to setup. I used nmake to compile the SDK sample, the one in the "Samples\Security\SSPI\SSL\WebServer". My environment is visual studio .net 2003. I ran it in verbose mode and TLS 1.0. I am using the windows wget at the link http://users.ugent.be/~bpuype/wget/ as the client. This one uses openssl library. I created a self-signed certificate and let the SDK WebServer uses this certificate. wget can successfully finish the handshake with WebServer, but the HTTP request it sent to WebServer can not be decrypted. It is something to do with cipher AES. It will have no problem if using IE as client or uses openssl but not uses AES cipher. I had tried other openssl client and got the same result. I ran Vista Business in the virtual machine. But I tried both VMWare and Virtual PC 2007 and they both had the same result. I had also tried the latest Windows 2008 beta and got the same result. I suspect it has something to do with SDK example, but many programs using CryptoAPI followed this SDK example. http://users.ugent.be/~bpuype/wget/ as the client. This one uses openssl library. I created a self-signed certificate and let the SDK WebServer uses this certificate. wget can successfully finish the handshake with WebServer, but the HTTP request it sent to WebServer can not be decrypted. It is something to do with cipher AES. It will have no problem if using IE as client or uses openssl but not uses AES cipher. I had tried other openssl client and got the same result. I ran Vista Business in the virtual machine. But I tried both VMWare and Virtual PC 2007 and they both had the same result. I had also tried the latest Windows 2008 beta and got the same result. I suspect it has something to do with SDK example, but many programs using CryptoAPI followed this SDK example. # re: New Authentication Functionality in Windows Vista @ Thursday, July 05, 2007 1:46 PM Is TLS enabled on the server app? What error\errcode do you get on failure? Which version of OpenSSL? Could you use IIS instead for testing to eliminate the possibility of an error in the sample? # re: New Authentication Functionality in Windows Vista @ Thursday, July 05, 2007 2:09 PM Yes, the SDK WebServer sample has an option to use TLS 1.0. I had tried using the latest version of openssl. I had tried to use the new IIS beta in Windows 2008. IIS beta works with openssl AES cipher without this problem. That's the reason that I suspected the SDK sample program probably won't work with AES cipher in Vista.

Are you able to reproduce it ?

Hi,I have also run into this problem. I am using Oracle's OC4J application server to deploy a ClickOnce application that when run uses WCF to communicate with the J2EE application that runs in the same OC4J application environment.When accessed from a Windows XP client everything works wonderfully.When accessed from a Windows Vista client the application can't even be downloaded.After some investigation I've determined that if I set the Internet Explorer advanced security settings to "Use TLS 1.0" only then I can't browse any of the server via https (setting "Use SSL 3.0" as well causes IE to back off when it receives the SSL fatal alert message).I'm not sure if the problem here is AES or the ECC extensions that are being included in the client hello.Is there anyway to force the ClickOnce deployment and subsequent WCF communication to use SSLv3 rather than TLS 1.0? I've tried setting the IE security settings but that doesn't appear to work.TIA, Simon