x
This website is using cookies. We use cookies to ensure that we give you the best experience on our website. More info. That's Fine
 
 

Overview of the H/PC Professional 128-bit SSL Update and HPC2000 SChannel Service

CESD-S-0107

Applies To:

  • Handheld PC Professional
  • HPC2000

Overview:

This article outlines the 128-bit Secure Socket Layer (SSL) update for Pocket Internet Explorer 3.0 for Handheld PC Professional Edition and the native Secure Channel service provided under HPC2000.


More Info:

The 128-bit SSL update adds support to the the Handheld PC for accessing secure sites encrypted using a 128-bit security cipher.

In order to make use of SSL, the security certificate on the secure web site you are visiting must provide hierarchical conformity to a Root Provider Authority. The 128-bit SSL update contains the following Root Certificate Authority trust certificates (in full):

  • Entrust.net www.entrust.net/CPS incorp. by ref. (limits liab.) (c) 1999 Entrust.net Limited Entrust.net Secure ServerCertification Authority
  • Entrust.net www.entrust.net/CPS_2048 incorp. by ref. (limits liab.) (c) 1999 Entrust.net Limited Entrust.net Certification Authority (2048)
  • GTE Corporation GTE CyberTrust Root GTE Corporation GTE CyberTrust Root
  • GTE Corporation GTE CyberTrust Solutions, Inc. GTE CyberTrust Root
  • Root SGC Authority
  • RSA Data Security, Inc. 1.0, Secure Server Certification Authority
  • Thawte Server CA1 Western Cape Cape Town Thawte Consulting CC1 Certification Services Division (server-certs@thawte.com)
  • Thawte Premium Server CA1. Western Cape, Cape Town, Thawte Consulting CC1 Certification Services Division (premium-server@thawte.com)
  • Thawte Personal Basic CA1. Western Cape, Cape Town, Thawte Consulting Certification Services Division (personal-basic@thawte.com)
  • Thawte Personal Freemail CA1. Western Cape, Cape Town, Thawte Consulting Certification Services Division (personal-freemail@thawte.com)
  • Thawte Personal Premium CA1. Western Cape, Cape Town, Thawte Consulting Certification Services Division (personal-premium@thawte.com)
  • Microsoft Root Authority Copyright (c) 1997 Microsoft Corp. Microsoft Corporation
  • VeriSign, Inc. Class 1 Public Primary Certification Authority
  • VeriSign, Inc. Class 2 Public Primary Certification Authority
  • VeriSign, Inc. Class 3 Public Primary Certification Authority

Certificate Information

The table below outlines the results of research conducted by HPC:Factor into the stability of the SChannel functionality in the Handheld PC security hash database. The base certificate name as well as the hash (Signature Algorithm) used by the certificate have been listed in alphabetical order. The main purpose of the list is to display the expiration details for the core Root certificates included with Handheld PC devices. Items which have already expired and are considered beyond functional use are highlighted in Red.

Any certificate file highlighted in Red should be considered to hold no further purpose, and attempts to connect to security services using the algorithms should be discouraged.

Certificate

Hash

Expires

Entrust.net Secure Server CA

sha1RSA

25th May 2019

Entrust.net Premium Secure Server CA

sha1RSA

24th December 2019

GTE Cybertrust Root (1)

md5RSA

24th February 2006

GTE Cybertrust Root (2)

md5RSA

4th April 2004

Microsoft Root Authority

md5RSA

31st December 2020

Root SGC Authority

md5RSA

1st January 2010

RSA Data Security, Inc Secure Server Certification Authority

md2RSA

8th January 2010

Thawte Personal Basic CA

md5RSA

1st January 2021

Thawte Personal Freemail CA

md5RSA

1st January 2021

Thawte Personal Premium CA

md5RSA

1st January 2021

Thawte Server Certificates CA

md5RSA

1st January 2021

VeriSign Class 1 Public Primary CA

md2RSA

8th January 2020

VeriSign Class 2 Public Primary CA

md2RSA

8th January 2004

VeriSign Class 3 Public Primary CA

md2RSA

8th January 2004

 

Is there a 128-bit SSL update for Windows CE 2.00?
No. Up until September 16, 1999 the US Government put in place a series of export restrictions on strong encryption technologies, rendering it impossible for Microsoft to ship the 128-bit encryption ciphers as part of Windows CE.