Sorry I just got around to posting this fix for at Microsoft security patch that came out in October 2012 for MS Explorer versions 7 & 8 at least. It’s a patch that forces 512 encryption when encryption is used. So those apps that don’t support 512 byte encryption like Oracle Enterprise Manager (OEM) 11.1 BREAK… unless without massive additional patching to OEM ugh…
Here is one relativesly easy fix (in my mind – of course you could just use Chrome – the MS patch doesn’t break that) and then the note that led me to the fix for our Oracle Enterprise Manager problem (not able to get to the URL – browser blocks it because the key is only 512 bits).
Test OEM from MS IE 8 first, if its not working, and you just applied the patch, before you make these changes to assure you need the changes to your registry.
On the client running the IE browser
You may want to backup your registry before you do this…
- · Run regedit.exe
- · You may want to backup your registry…
- · Navigate to: HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\OID\EncodingType 0\CertDLLCreateCertificateChainEngine\Config
- · Add a new DWORD for: MinRsaPubKeyBitLength Value Decimal 512
- · Add a new DWORD for: EnableWeakSignatureFlags Value Decimal 2
- · Stop all running version of IE
http://support.microsoft.com/kb/2661254 explains what needs to be done but, it is buried about 10 pages down in the note… hint, search for MinRsaPubKeyBitLength.
What you will see is Microsoft provides a work around with 4 registry entries of which you only really need 2 of the 4.
Hope this helps, Mike