Enabling Kernel SSL on Windows Server 2003

Communications Server 2007 R2

Topic Last Modified: 2009-01-23

By default, Windows Server 2003 runs Secure Sockets Layer (SSL) in user mode. Beginning with Service Pack 1 (SP1), Windows 2003 offered the option of running SSL in kernel mode. This can improve overall Internet Information Services (IIS) performance, because kernel mode moves all encryption and decryption operations to the kernel. That move dramatically decreases the number of transitions that must be made between kernel mode and user mode. Kernel mode also reduces the memory consumption of server-side processes. In turn, that makes more memory available to Communicator Web Access. Note that this applies only to Windows Server 2003. Windows 2008 uses a form of kernel mode SSL by default.

To enable kernel mode SSL in Windows Server 2003, you must create and configure a new registry value, and then restart the HTTP service. If you later decide to disable kernel mode SSL, simply set this new registry value (that is, EnableKernelSSL) to 0 (that is, zero).

  1. Open Registry Editor and locate the registry key HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\HTTP\Parameters.

  2. In the Parameters key, right-click a blank area of the window pane, click New, and then click DWORD Value.

  3. After the new value is created, type EnableKernelSSL to rename the value.

  4. Double-click EnableKernelSSL.

  5. In the Edit DWORD Value dialog box, type 1 in the Value data box and then click OK.

  6. Restart the HTTP service by opening a command window, typing net stop http, and then pressing ENTER.

  7. When asked whether you want to continue the operation, type y and then press ENTER.

  8. After all the services have been stopped, type net start http in the command window to restart the HTTP service.
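The same procedure can be run from a command window as a batch script. This is an added example, not part of the original Microsoft topic; the optional 0 or 1 argument and the checks around the registry write are assumptions of this example, and it must be run by an administrator.

```batch
@echo off
rem Added example: scripted equivalent of steps 1-8 above.
rem Usage (argument is this example's own convention):
rem   script.cmd 1   enable kernel mode SSL (default when no argument is given)
rem   script.cmd 0   disable kernel mode SSL
setlocal
set KEY=HKLM\System\CurrentControlSet\Services\HTTP\Parameters
set VAL=EnableKernelSSL
set DATA=%1
if "%DATA%"=="" set DATA=1
if not "%DATA%"=="0" if not "%DATA%"=="1" (
    echo Usage: %~nx0 [0^|1]
    exit /b 2
)

rem Record the current state so the change can be reversed later.
echo Current setting:
reg query "%KEY%" /v %VAL% 2>nul || echo   %VAL% is not present, so SSL runs in user mode.

rem Steps 1-5: create or update the DWORD value.
reg add "%KEY%" /v %VAL% /t REG_DWORD /d %DATA% /f
if errorlevel 1 (
    echo Failed to write %VAL%. Check that you are running as an administrator.
    exit /b 1
)

rem Steps 6-7: stop the HTTP service. /y answers the confirmation prompt,
rem so services that depend on HTTP are stopped as well.
net stop http /y

rem Step 8: start the HTTP service again.
net start http
if errorlevel 1 (
    echo The HTTP service did not start.
    exit /b 1
)

rem Confirm the stored value and the service state.
reg query "%KEY%" /v %VAL%
sc query http | find "STATE"
endlocal
```

Because `net stop http /y` also stops the services that depend on HTTP, check after the script finishes that the services you need are running again.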