Overview of the H/PC Professional 128-bit SSL Update and HPC2000 SChannel Service

Applies To

• Handheld PC Professional
• HPC2000

Overview

This article outlines the 128-bit Secure Socket Layer (SSL) update for Pocket Internet Explorer 3.0 for Handheld PC Professional Edition and the native Secure Channel service provided under HPC2000.

More Info

The 128-bit SSL update adds support to the the Handheld PC for accessing secure sites encrypted using a 128-bit security cipher.

In order to make use of SSL, the security certificate on the secure web site you are visiting must provide hierarchical conformity to a Root Provider Authority. The 128-bit SSL update contains the following Root Certificate Authority trust certificates (in full):

• Entrust.net www.entrust.net/CPS incorp. by ref. (limits liab.) (c) 1999 Entrust.net Limited Entrust.net Secure ServerCertification Authority
• Entrust.net www.entrust.net/CPS_2048 incorp. by ref. (limits liab.) (c) 1999 Entrust.net Limited Entrust.net Certification Authority (2048)
• GTE Corporation GTE CyberTrust Root GTE Corporation GTE CyberTrust Root
• GTE Corporation GTE CyberTrust Solutions, Inc. GTE CyberTrust Root
• Root SGC Authority
• RSA Data Security, Inc. 1.0, Secure Server Certification Authority
• Thawte Server CA1 Western Cape Cape Town Thawte Consulting CC1 Certification Services Division (server-certs@thawte.com)
• Thawte Premium Server CA1. Western Cape, Cape Town, Thawte Consulting CC1 Certification Services Division (premium-server@thawte.com)
• Thawte Personal Basic CA1. Western Cape, Cape Town, Thawte Consulting Certification Services Division (personal-basic@thawte.com)
• Thawte Personal Freemail CA1. Western Cape, Cape Town, Thawte Consulting Certification Services Division (personal-freemail@thawte.com)
• Thawte Personal Premium CA1. Western Cape, Cape Town, Thawte Consulting Certification Services Division (personal-premium@thawte.com)
• Microsoft Root Authority Copyright (c) 1997 Microsoft Corp. Microsoft Corporation
• VeriSign, Inc. Class 1 Public Primary Certification Authority
• VeriSign, Inc. Class 2 Public Primary Certification Authority
• VeriSign, Inc. Class 3 Public Primary Certification Authority

Certificate Information

The table below outlines the results of research conducted by HPC:Factor into the stability of the SChannel functionality in the Handheld PC security hash database. The base certificate name as well as the hash (Signature Algorithm) used by the certificate have been listed in alphabetical order. The main purpose of the list is to display the expiration details for the core Root certificates included with Handheld PC devices. Items which have already expired and are considered beyond functional use are highlighted in Red.

Any certificate file highlighted in Red should be considered to hold no further purpose, and attempts to connect to security services using the algorithms should be discouraged.

Is there a 128-bit SSL update for Windows CE 2.00?

No. Up until September 16, 1999 the US Government put in place a series of export restrictions on strong encryption technologies, rendering it impossible for Microsoft to ship the 128-bit encryption ciphers as part of Windows CE.