Enabling Kernel-Mode SSL

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1

Enabling kernel-mode Secure Sockets Layer (SSL) improves SSL performance because encryption and decryption operations take place in the faster processing space of the kernel. However, enabling kernel-mode SSL disables user-mode SSL. For more information, see Kernel-Mode SSL.

Important

Using Registry Editor incorrectly can cause serious problems that require reinstalling the operating system. Because Registry Editor bypasses the standard safeguards that prevent you from entering settings that are conflicting or likely to degrade performance or damage your system, exercise caution when making changes to the registry. Microsoft cannot guarantee that problems resulting from the incorrect use of Registry Editor can be solved.

Note that you should back up the registry before you edit it. If you are running Microsoft® Windows NT® Server or a newer server operating system from Microsoft, you should also update your Emergency Repair Disk (ERD).

For information about how to edit the registry, see the "Changing Keys and Values", "Add and Delete Information in the Registry", and "Edit Registry Data" topics in Registry Editor Help.

Important

You must be a member of the Administrators group on the local computer to run scripts and executables. As a security best practice, log on to your computer by using an account that is not in the Administrators group, and then use the runas command to run your script or executable as an administrator. At a command prompt, type runas /profile /user:MyComputer\Administrator cmd to open a command window with administrator rights and then type cscript.exe ScriptName (include the script's full path and any parameters).

Procedures

To configure SSL to run in kernel mode

1. From the Start menu, click Run.

2. In the Open box, type Regedit.exe, and click OK.

3. Navigate to and double-click the following key in the registry:

   HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\HTTP\Parameters

4. From the Edit menu, point to Add, click DWORD Value and then add the following registry value:

   Name: EnableKernelSSL

   Type: REG_DWORD

   Data: Set this to 1 to use kernel-mode SSL instead of user-mode SSL.

5. Quit Registry Editor.

6. Restart IIS.

Related Information

• For information about restarting an IIS service, see Restarting IIS.

• For information about configuring SSL, see Configuring SSL on a Web Server or Web Site.