WinInet Security

  • Article

A version of this page is also available for

Windows Embedded CE 6.0 R3

4/8/2010

Transport Layer Security (TLS) 1.0, Secure Sockets Layer (SSL) versions 2.0 and 3.0, and Server Gated Cryptography (SGC) security protocols are supported in Windows Mobile. These protocols are available through WinInet or directly from Winsock. The simplest approach to using the security protocols is to use WinInet.

Note

TLS and SSL are defined in RFC 2246.

To access security protocols with WinInet

  1. Call InternetOpen to get an Internet handle.

  2. Connect with InternetConnect, using INTERNET_DEFAULT_HTTPS_PORT as the nServerPort parameter.

  3. For HTTPS, invoke HttpOpenRequest with the INTERNET_FLAG_SECURE flag set.

  4. Proceed with the remainder of the session.

Authentication is sometimes required before accessing resources on the Internet. Windows Mobile supports functions for HTTP session server and proxy authentication. Authentication for FTP servers must be handled by the InternetConnect function. For more information, see HTTP Authentication.

Best Practices

Always determine the size of the content to download

Downloading large files may generate an out of memory error on your device. Before you download a file, you must use the HttpQueryInfo function to determine the content size. Call this function and pass the HTTP_QUERY_CONTENT_LENGTH flag in the dwInfoLevel parameter. HttpQueryInfo can be called directly or through URL Moniker Services by using the IWinInetHttpInfo interface.

Default Registry Settings

Some of the registry settings for WinInet may have security implications. The registry settings documentation contains Security Note entries with information about security issues.

For registry information, see WinInet Registry Settings.

Ports

The following table shows the ports that WinInet uses by default. A user can also specify a port in a URL, using the format <protocol>://<host>:<port-number>[<path>]. If the specified port is available at the server, it is used in place of the default.

Protocol Default Port Number

FTP

21

HTTP

80

HTTPS

443

SOCKS (firewall servers)

1080

See Also

Other Resources

Windows Internet Services (WinInet)
Internet Explorer Mobile Security