WinInet Security (Windows Embedded CE 6.0)

1/6/2010

Windows Embedded CE supports Transport Layer Security (TLS) 1.0, Secure Sockets Layer (SSL) versions 2.0 and 3.0, and Server Gated Cryptography (SGC) security protocols. These protocols are available through WinInet or directly from Winsock. The simplest approach to using the security protocols is to use WinInet.

Note

TLS and SSL are defined in RFC 2246.

To access security protocols with WinInet

  1. Call InternetOpen to get an Internet handle.

  2. Connect with InternetConnect, using INTERNET_DEFAULT_HTTPS_PORT as the nServerPort parameter.

  3. For HTTPS, invoke HttpOpenRequest with the INTERNET_FLAG_SECURE flag set.

  4. Proceed with the remainder of the session.

Authentication is sometimes required before accessing resources on the Internet. Windows Embedded CE supports functions for HTTP session server and proxy authentication. Authentication for FTP servers must be handled by the InternetConnect function. For more information, see HTTP Authentication.

Best Practices

Always determine the size of the content to download

Downloading large files may generate an out-of-memory error on your device. Before you download a file, you must use the HttpQueryInfo function to determine the content size. Call this function and pass the HTTP_QUERY_CONTENT_LENGTH flag in the dwInfoLevel parameter. HttpQueryInfo can be called directly or through URL Moniker Services by using the IWinInetHttpInfo interface.

For more information, see Windows Embedded CE topic IWinInetHttpInfo.

Disable username and password in the URL

Username and password in the URL string are disabled by default. To help protect the device from malicious attacks, do not enable this functionality by configuring the registry. For more information about the registry value that controls this behavior, see WinInet Registry Settings.

Default Registry Settings

Some of the registry settings for WinInet may have security implications. The registry settings documentation contains Security Note entries with information about security issues.

For registry information, see WinInet Registry Settings.

Ports

The following table shows the ports that WinInet uses by default. A user can also specify a port in a URL, using the format <protocol>://<host>:<port-number>[<path>]. If the specified port is available at the server, it is used in place of the default.

Protocol                    Default Port Number
FTP                         21
HTTP                        80
HTTPS                       443
SOCKS (firewall servers)    1080
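A pre-flight check that an application could run on a URL before passing it to WinInet, combining the credentials-in-URL guidance and the port table above. This is an added example, not code from the original documentation; check_url and its result codes are hypothetical names, and requiring a lower-case protocol is a simplification.

```c
#include <ctype.h>
#include <stdlib.h>
#include <string.h>

/* Result codes for check_url(), a hypothetical helper (not a WinInet API). */
enum { URL_OK = 0, URL_BAD_FORMAT = -1, URL_HAS_CREDENTIALS = -2, URL_BAD_PORT = -3 };

/* Default ports from the table above, for the protocols that appear in URLs. */
static const struct { const char *scheme; long port; } defaults[] = {
    { "ftp", 21 }, { "http", 80 }, { "https", 443 }
};

/* Checks <protocol>://<host>[:<port-number>][<path>] (lower-case protocol).
 * On URL_OK, *port is the port that would be used and *is_default is 0 when
 * the URL overrides the protocol's default. IPv6 literals are rejected. */
int check_url(const char *url, int *port, int *is_default)
{
    const char *sep = strstr(url, "://"), *auth, *colon;
    size_t i, slen, alen;
    long def = 0, p;
    char *end;

    if (sep == NULL || sep == url) return URL_BAD_FORMAT;
    slen = (size_t)(sep - url);
    for (i = 0; i < sizeof defaults / sizeof defaults[0]; i++)
        if (strlen(defaults[i].scheme) == slen &&
            strncmp(url, defaults[i].scheme, slen) == 0)
            def = defaults[i].port;
    if (def == 0) return URL_BAD_FORMAT;          /* unknown protocol */

    auth = sep + 3;
    alen = strcspn(auth, "/?#");                  /* host[:port] ends here */
    if (alen == 0) return URL_BAD_FORMAT;         /* empty host */
    if (memchr(auth, '@', alen) != NULL)          /* user[:password]@host */
        return URL_HAS_CREDENTIALS;

    p = def;
    colon = memchr(auth, ':', alen);
    if (colon != NULL) {
        if (colon == auth || !isdigit((unsigned char)colon[1]))
            return URL_BAD_PORT;                  /* no host, or no digits */
        p = strtol(colon + 1, &end, 10);
        if (end != auth + alen || p < 1 || p > 65535)
            return URL_BAD_PORT;                  /* trailing junk or out of range */
    }
    *port = (int)p;
    *is_default = (p == def);
    return URL_OK;
}
```

A caller can log or refuse URLs where is_default comes back 0, and treat URL_HAS_CREDENTIALS as a hard failure so that credentials never travel in the URL string.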

For more information about Windows Embedded CE security services, see Enhancing the Security of a Device.

See Also

Other Resources

Windows Internet Services (WinInet)
Internet Explorer Embedded Security