Leaderboard

New build of Serpent/UXP for XP! Test binary: Win32 https://o.rthost.win/basilisk/basilisk52-g4.8.win32-git-20251011-3219d2d-uxp-b709881389-xpmod.7z Win64 https://o.rthost.win/basilisk/basilisk52-g4.8.win64-git-20251011-3219d2d-uxp-b709881389-xpmod.7z source code that is comparable to my current working tree is available here: https://github.com/roytam1/UXP/commits/custom IA32 Win32 https://o.rthost.win/basilisk/basilisk52-g4.8.win32-git-20251011-3219d2d-uxp-b709881389-xpmod-ia32.7z source code that is comparable to my current working tree is available here: https://github.com/roytam1/UXP/commits/ia32 NM28XP build: Win32 https://o.rthost.win/palemoon/palemoon-28.10.7a1.win32-git-20251011-d849524bd-uxp-b709881389-xpmod.7z Win32 IA32 https://o.rthost.win/palemoon/palemoon-28.10.7a1.win32-git-20251011-d849524bd-uxp-b709881389-xpmod-ia32.7z Win32 SSE https://o.rthost.win/palemoon/palemoon-28.10.7a1.win32-git-20251011-d849524bd-uxp-b709881389-xpmod-sse.7z Win64 https://o.rthost.win/palemoon/palemoon-28.10.7a1.win64-git-20251011-d849524bd-uxp-b709881389-xpmod.7z Win7+ x64 AVX2 https://o.rthost.win/palemoon/palemoon-28.10.7a1.win64-git-20251011-d849524bd-uxp-b709881389-w7plus-avx2.7z No official UXP changes picked since my last build. No official Pale-Moon changes picked since my last build. No official Basilisk changes picked since my last build. My changes picked since my last build: - mailnews: fix OAuth2Providers path (16dc4c9168) - Add support for HTMLSlotElement.assignedElements() (#2) (169c949e49) - Merge pull request #37 from ClassicNick/Merge-20251005 (f24e68da7b) - style: color-mix: when either color resolves to NS_COLOR_CURRENTCOLOR, it will cause color value reevaluation and cause stack overflow. hack it to use parent color instead. (702d61e68e) - caps: hack - check `mCSP` RefCount to avoid circular calls (b709881389) Update Notice: - You may delete file named icudt*.dat inside program folder when updating from old releases. * Notice: From now on, UXP rev will point to `custom` branch of my UXP repo instead of MCP UXP repo, while "official UXP changes" shows only `tracking` branch changes.

StartAllBack 3.9.16

New build of Serpent/UXP for XP! Test binary: Win32 https://o.rthost.win/basilisk/basilisk52-g4.8.win32-git-20251018-3219d2d-uxp-861967f98e-xpmod.7z Win64 https://o.rthost.win/basilisk/basilisk52-g4.8.win64-git-20251018-3219d2d-uxp-861967f98e-xpmod.7z source code that is comparable to my current working tree is available here: https://github.com/roytam1/UXP/commits/custom IA32 Win32 https://o.rthost.win/basilisk/basilisk52-g4.8.win32-git-20251018-3219d2d-uxp-861967f98e-xpmod-ia32.7z source code that is comparable to my current working tree is available here: https://github.com/roytam1/UXP/commits/ia32 NM28XP build: Win32 https://o.rthost.win/palemoon/palemoon-28.10.7a1.win32-git-20251018-d849524bd-uxp-861967f98e-xpmod.7z Win32 IA32 https://o.rthost.win/palemoon/palemoon-28.10.7a1.win32-git-20251018-d849524bd-uxp-861967f98e-xpmod-ia32.7z Win32 SSE https://o.rthost.win/palemoon/palemoon-28.10.7a1.win32-git-20251018-d849524bd-uxp-861967f98e-xpmod-sse.7z Win64 https://o.rthost.win/palemoon/palemoon-28.10.7a1.win64-git-20251018-d849524bd-uxp-861967f98e-xpmod.7z Win7+ x64 AVX2 https://o.rthost.win/palemoon/palemoon-28.10.7a1.win64-git-20251018-d849524bd-uxp-861967f98e-w7plus-avx2.7z Official UXP changes picked since my last build: - No issue - Set title for about:logopage (89ee61a746) - No issue - Improve compiler compatibility. (ac993f4fb3) - Issue #2855 - Fix rule node tracking for NAC (cc331e8e01) - [devtools] Remove newline kludge from "Copy as cURL" on Windows (4abf0b3f21) No official Pale-Moon changes picked since my last build. No official Basilisk changes picked since my last build. My changes picked since my last build: - caps: follow-up of rev b7098813 - enlarge CSP's RefCnt value limit to prevent crashing in multiple process mode. (9ad9a88955) Update Notice: - You may delete file named icudt*.dat inside program folder when updating from old releases. * Notice: From now on, UXP rev will point to `custom` branch of my UXP repo instead of MCP UXP repo, while "official UXP changes" shows only `tracking` branch changes.

This may be of some use for Win XP users in today's world with Win XP being phased out more everyday ... this service is also listed to work with Windows 98 SE / ME also. I used it about 6 years ago myself and now am being forced to use it again in Oct 2025 to be able to get my Win XP computer on the internet with a VPN. The paid service I was using has finally cut off all Win XP connections. They warned two years ago it was coming and the service still works for my Windows 7 computer but I still mostly use my Win XP computer for everyday connecting. As I said above ... I used this free VPN about 6 years ago and I have hooked the XP computer up to the service again. I will say that they have really improved things and the service is great in 2025. Perhaps some of you know about it already but if not ... then you can check it out if you need a VPN for Win XP. https://www.vpngate.net/en/ https://www.vpngate.net/en/download.aspx VPN Gate - Public Free VPN Cloud by Univ of Tsukuba, Japan Welcome to VPN Gate. (Launched on March 8, 2013.) - You can get through your government's firewall to browse restricted websites. (e.g. YouTube.) - You can disguise your IP address to hide your identity while surfing the Internet. - You can protect yourself by utilizing the strong encryption while using public Wi-Fi. More Details... - TunnelCrack protection implemented in SoftEther VPN Client (August 31, 2023) Supports Windows, Mac, iPhone, iPad and Android. Compatible OS: Windows, CPU: Intel x86 and x64 (Windows 98 SE / ME / 2000 SP4 / XP SP2, SP3 / Server 2003 SP2 / Vista SP1, SP2 / Server 2008 SP1, SP2 / Hyper-V Server 2008 / 7 SP1 / Server 2008 R2 SP1 / Hyper-V Server 2008 R2 / 8 / 10 / Server 2012 / Hyper-V Server 2012) -------------------------------------------------------------------------------------------------- It looks complicated but it really isn't. Spend some time reading everything and you should be good to go. I'm impressed from using it 6 years ago to how it has improved. One word about connecting, if you need an US connection for banking, Tubi or whatever ... they are not always there, just at various times. You will figure all this out as you get familiar with the service. ...

@nicolaasjan : https://3dyd.github.io/pyinstaller-builds/ Your prayers have been answered! https://github.com/3dyd/pyinstaller-builds https://github.com/3dyd/pyinstaller/tree/6.16.0-xp

change user agent compatibility to firefox compatibility in preferences dialog.

I was never able to correctly open all *.???x files with either Office XP or Office 2003 using the Compatibility Pack. As a result, I moved to Office 2010 with UBitMenu. Another problem with Excel on these previous versions of Office is that they were unable to correctly handle more complicated spreadsheets, such as Glenn Reeves' Excel IRS Form 1040.

Detailed explanation of this issue on WinXP SP3: https://github.com/3dyd/pyinstaller-builds/issues/2#issuecomment-3464525813 Excerpt form PyInst-6.0.0 documentation: https://pyinstaller.org/en/v6.0.0/CHANGES.html#incompatible-changes The psapi.dll in question (with the missing function) is the system one, while the one inside the "_internal" dir (which isn't being loaded when PyInst-6.16.0-xpmod has been used) is PSAPI.DLL, one of the four wrapper DLLs (kernelXP.dll, ntextl.dll, psapi.dll, ws2_xx.dll) that are used to backport py3.11.4 to XP ...

My Office is 2007, so I may not be of much help. But maybe this will fix your issue (article cites your exact issue but on Windows 2000) -- https://superuser.com/questions/1504407/office-2003-cant-open-newer-office-files More specifically, solution was to use "version 2" of the compatibility pack (linked in superuser article) -- https://www.malavida.com/en/soft/microsoft-office-compatbility-pack/download

Most sadly, this is only part of the story ; probing the v20.19.2 (32-bit) binary (a whooping 61.3 MiB in filesize) with DependencyWalker, I found a total of six (6) Vista-incompatible function calls: in advapi32.dll: EventSetInformation in kernel32.dll: K32GetModuleBaseNameW K32GetProcessMemoryInfo ResolveLocaleName TryAcquireSRWLockExclusive TryAcquireSRWLockShared The first one can also be a thing on a partially updated Win7 SP1 install (see this); thank you for already raising a Vista-support issue with Vladimir ...

I guess the extra features fulfills the plus part of Vista+. I understand the desire for targeted features and size reduction though. Now, with a known working configuration we can certainly remove features. That part will be easy. I can start with the items you listed for a future build. The libfdk-aac external functionality is included for parity with the XP version and of course the dll is not required to run the FFmpeg binaries. This functionality can also be removed if desired.

FFmpeg shared for Vista x86.

Yes, I've already tested it and everything is working. 🙂 However, now the question is ; how long will yt-dlp on XP keep working?... 🤔 Soon, an external JavaScript runtime will be needed. Deno is out of the question on older systems and yt-dlp-getpot-jsi gave me errors on both Windows XP and Windows7 (see Issue 9 ).

and you can change general.useragent.compatMode.version that reports to websites in about:config.

Thanks a lot for your reply ; as I wrote, Vista SP2 32-bit here; from 2016-2018 I used to use MABS (MSYS2/MinGW) to compile locally non-free ffmpeg builds; after that time, several MSYS2 components went Win7+ (e.g. "make") and by 2021, the compiler itself stopped being available for the 32-bit architecture; needless to say, latest MABS is meant for a recent version of Win10 64-bit; yes, you probably can still compile 32-bit binaries with it, but those won't run on Vista, possibly not on Win7, too ... The AnimMouse ffmpeg builds used to be Vista-compatible, but broke at some time (early 2022); as a Vista user too, you probably know those things already ... I'm not closely following current FFmpeg development ; at one time I was aware that the FFmpeg code itself continued to be NT 6.0 compatible (as opposed to NT 5.x), so that a "no-libs" compiled binary would launch normally under Vista; but a lot of the third party (external) libs built normally into FFmpeg are the main culprits for breaking Vista-support (x265 comes to mind, with its NUMA Win7+ functions ) ; it must be quite an enormous task today for you to restore NT 6.1/6.0 and even 5.x support on your custom FFmpeg builds; you are to be highly praised for this feat ... On a 32-bit, under-resourced (by today's standards ) machine, I practically have little use of most of those extra libs (especially video encoders); I rarely do video transcoding here, mostly audio transcoding is being performed; it's those many optional external libs that inflate static binaries' filesize and are the cause for broken NT 6.0 support, for all I know... Thanks for your intention! User Reino here (now on Win11) used to offer both static+shared 32-bit builds, targeting WinXP SP3 and an SSE-only CPU, ca. every 4 months ; it'd be very sweet from you if you managed to offer something similar, but for more recent CPUs (e.g. SSE2+) and on Vista+... FWIW, this thread started a long while ago and mentions "winxp" in its title, but is actually frequented now by members of various WinOSes ; so I hope you posting Vista+ FFmpeg builds will be OK ; of course, there's always that ... "Willing to test? " -> Simply throw "them" at me ... Best regards.

No idea. My homebrew Python 3.14 Linux standalone executable is even 51.7MB. 😮 Almost 100MB unpacked in the /tmp folder.

Don't the standalone Linux builds work (they have newer Python embedded)? yt-dlp_linux or (for 32bit) my yt-dlp_linux_x86.

Updated FFmpeg for Windows XP. Same libfdk-aac.

EssentialPIM 12.0.6 29/08/2024 still works on WinXP https://essentialpim.zendesk.com/hc/en-us/articles/11039320139922-EssentialPIM-versions-11-2-12-2 https://www.essentialpim.com/download/old/EssentialPIM120.exe EssentialPIM 12.5.2 26/09/2025 don't works on WinXP Other email client OAUth2, tested in Winxp: https://www.gammadyne.com/email_client.htm https://support.google.com/mail/answer/16604719?hl=en Starting January 2026, Gmail will no longer provide support for the following features: . GMailify: This feature allows you to get special features like spam protection or inbox organization applied to your third-party email account. Learn more about Gmailify. You won’t be able to get specific features in Gmail applied to your third-party account. . Mail Fetcher, Set up automatic forwarding (web) ... Gretings

New build of post-deprecated Serpent/moebius for XP! * Notice: This repo will not be built on regular schedule, and changes are experimental as usual. ** Current moebius patch level should be on par with 52.9, but some security patches can not be applied/ported due to source milestone differences between versions. Test binary: Win32 https://o.rthost.win/basilisk/basilisk55-win32-git-20251018-e2f63f387-xpmod.7z Win64 https://o.rthost.win/basilisk/basilisk55-win64-git-20251018-e2f63f387-xpmod.7z repo: https://github.com/roytam1/basilisk55 Repo changes: - import from UXP: No issue - Improve compiler compatibility. (ac993f4f) (88149f721) - import from UXP: Issue #2855 - Fix rule node tracking for NAC (cc331e8e) (1b577a8b4) - import from UXP: [devtools] Remove newline kludge from "Copy as cURL" on Windows (4abf0b3f) (1c307b192) - import from `custom` branch of UXP: caps: follow-up of rev b7098813 - enlarge CSP's RefCnt value limit to prevent crashing in multiple process mode. (9ad9a889) (e2f63f387)

New build of BOC/UXP for XP! Test binary: MailNews Win32 https://o.rthost.win/boc-uxp/mailnews.win32-20251018-40a79c75-uxp-861967f98e-xpmod.7z BNavigator Win32 https://o.rthost.win/boc-uxp/bnavigator.win32-20251018-40a79c75-uxp-861967f98e-xpmod.7z source repo (excluding UXP): https://github.com/roytam1/boc-uxp/tree/custom * Notice: the profile prefix (i.e. parent folder names) are also changed since 2020-08-15 build, you may rename their names before using new binaries when updating from builds before 2020-08-15. -- New build of HBL-UXP for XP! Test binary: IceDove-UXP(mail) https://o.rthost.win/hbl-uxp/icedove.win32-20251018-id-656ea98-uxp-861967f98e-xpmod.7z IceApe-UXP(suite) https://o.rthost.win/hbl-uxp/iceape.win32-20251018-id-656ea98-ia-c642e3c-uxp-861967f98e-xpmod.7z source repo (excluding UXP): https://github.com/roytam1/icedove-uxp/tree/winbuild https://github.com/roytam1/iceape-uxp/tree/winbuild

@Monroe For simple things ,where a no logging policy does not be of any interest, free VPN services may be used. BTW, VPNBook is another one. However, I personally prefer paid VPN services. Luckily, I own several lifetime licenses which have been working for years. Even though not all their servers can be used under Windows XP due to modern protocols, my VPN providers still offer older connection protocols on some servers as I prefer the L2TP/IPSec or in second place the PPTP protocol under Windows XP. Unfortunately, OpenVPN puts too much strain on my system.

it hits a "MOZ_CRASH(IPC FatalError in the parent process!)" intended crash with message "IPDL error [PContentParent]: Error deserializing 'Principal'". maybe the RefCnt knock out value is too low, tried to enlarge it a bit: https://github.com/roytam1/UXP/commit/9ad9a88955775ce04f7bd070e09ddc31c7868a3f

No, both yt-dlp_x86_win7.exe versions were built on Windows 10 64bit with 32bit Python. yt-dlp_win7.exe (and zipped) versions are built on Windows 7 64bit with 64bit Python. I think so. 🤔 Yes. And it was built with 3dyd's PyInstaller 6.15.0.

There is a new release available. The Win7 builds should now work again on Vista. They are now built with PyInstaller 6.16.0 (Vista compatible) . I forked 3dyd/pyinstaller-builds and changed the workflow file (trial and error...). https://github.com/nicolaasjan/pyinstaller-builds/releases

I'm sorry. I have no idea... ... At least I got this figured out, as it was seriously bugging me ; the "what" is hidden inside a changelog: https://github.com/adang1345/PythonVista/blob/master/CHANGELOG.md Your v2025.09.23.052315 yt-dlp_x86_win7.exe binary has been compiled with a flavour of 3.13.7 which, at that time, supported only Win7+ ; Vista support for 3.13.7 came on Sep 25th, 2 days after v2025.09.23.052315 was built, but in time for the v2025.09.27.071342 to be built with a Vista-enabled 3.13.7 interpreter (this assumes you manually updated to the Vista-compat flavour of 3.13.7) ... What is still unclear to me is: a) were both versions built on the same OS (Win7 SP1 ?) ? b) were both versions packaged with "official" PyInstaller-6.16.0 ? v2025.09.27.071342: [debug] yt-dlp version nicolaasjan/yt-dlp@2025.09.27.071342 (win7_x86_exe*) [debug] Python 3.13.7 (CPython AMD64 32bit) - Windows-Vista-6.0.6003-SP2 (OpenSSL 3.0.16 11 Feb 2025) and v2025.10.05.061237 [debug] yt-dlp version nicolaasjan/yt-dlp@2025.10.05.061237 (win7_x86_exe*) [debug] Python 3.13.7 (CPython AMD64 32bit) - Windows-Vista-6.0.6003-SP2 (OpenSSL 3.0.16 11 Feb 2025) have been both compiled on a 64-bit OS, with the 32-bit build of Vista-compatible 3.13.7; why, then, is the next v2025.10.13.80600, built on a Vista-compatible 3.14.0, broken on actual Vista SP2 32-bit? I have a hunch, based on adang1345's notes: https://github.com/adang1345/PythonVista/blob/master/README.md So, the same 3.14.0 CPython will behave differently when run on a Win7 machine to when run on a Vista machine; likewise for the PyInstaller-packaged resultant yt-dlp_x86_win7.exe binaries; but this theory doesn't explain builds v2025.09.27.071342+v2025.10.05.061237 (which run OK on Vista), unless they were also compiled on a Vista SP2 64-bit VM ... FWIW, adang1345 has made a new release of 3.13.9 less than an hour ago, https://github.com/adang1345/PythonVista/tree/master/3.13.9 and issued a re-release of 3.14.0 along with the above: https://github.com/adang1345/PythonVista/tree/master/3.14.0 His changelog only mentions the addition of 3.13.9, though ... This one launches OK: [debug] yt-dlp version local@2025.10.13 [eafedc218] (win_x86_exe) [debug] Python 3.14.0 (CPython AMD64 32bit) - Windows-Vista-6.0.6003-SP2 (OpenSSL 3.0.18 30 Sep 2025) Was a Vista SP2 64-bit VM used in this case? And which PyInst version? This one launches fine : yt-dlp_x86_win7.exe -v [debug] Command-line config: ['-v'] [debug] Encodings: locale cp1253, fs utf-8, pref cp1253, out utf-8 (No VT), error utf-8 (No VT), screen utf-8 (No VT) [debug] yt-dlp version nicolaasjan/yt-dlp@2025.10.13.080600 (win7_x86_exe*) [debug] Python 3.14.0 (CPython AMD64 32bit) - Windows-Vista-6.0.6003-SP2 (OpenSSL 3.0.18 30 Sep 2025) [debug] exe versions: none [debug] Optional libraries: Cryptodome-3.23.0, brotli-1.1.0, certifi-2025.10.05, mutagen-1.47.0, requests-2.32.5, sqlite3-3.50.4, urllib3-2.5.0, websockets-15.0.1 [debug] Proxy map: {} [debug] Request Handlers: urllib, requests, websockets [debug] Plugin directories: none [debug] Loaded 1834 extractors Usage: yt-dlp_x86_win7.exe [OPTIONS] URL [URL...] yt-dlp_x86_win7.exe: error: You must provide at least one URL. Type yt-dlp --help to see a list of all options. Less puzzled now , but still with unanswered questions ... Time to call it a night, regards...

It does. Thank you! I can confirm, the binary works on Win11 Pro (on my brand new Framework Desktop).

Updated yt-dlp_Py3.14.0_x86_Vista. (with IOS patch ) @Reino; Please test if this still suits your needs.

New build of BOC/UXP for XP! Test binary: MailNews Win32 https://o.rthost.win/boc-uxp/mailnews.win32-20251011-40a79c75-uxp-b709881389-xpmod.7z BNavigator Win32 https://o.rthost.win/boc-uxp/bnavigator.win32-20251011-40a79c75-uxp-b709881389-xpmod.7z source repo (excluding UXP): https://github.com/roytam1/boc-uxp/tree/custom * Notice: the profile prefix (i.e. parent folder names) are also changed since 2020-08-15 build, you may rename their names before using new binaries when updating from builds before 2020-08-15. -- New build of HBL-UXP for XP! Test binary: IceDove-UXP(mail) https://o.rthost.win/hbl-uxp/icedove.win32-20251011-id-656ea98-uxp-b709881389-xpmod.7z IceApe-UXP(suite) https://o.rthost.win/hbl-uxp/iceape.win32-20251011-id-656ea98-ia-c642e3c-uxp-b709881389-xpmod.7z source repo (excluding UXP): https://github.com/roytam1/icedove-uxp/tree/winbuild https://github.com/roytam1/iceape-uxp/tree/winbuild

Fortunately, my main system (Linux Mint) didn't have any issue compiling Brotli "automagically" when installing the dependencies for my newly compiled Python 3.14 (altinstall; that is, it is installed without interfering with system Python). Compiler is shipped with the distro. No problem, I was suspecting that already. It is.

Thanks ; they note: Hopefully, the brotli py3.14 wheel (file brotli-1.1.0-cp314-cp314-win32.whl) you kindly shared remains Vista-compatible; though, TBH, I'm not aware of any tests (within the context of yt-dlp or otherwise) I can submit it to ... Other than that, thank you for the details of the compilation procedure ; I agree it's not for the faint-hearted (or those lacking access to recent OS+H/W); when I, regrettably, find that PyPI misses wheels for a specific "module+module version+CPython+architecture" combination, I usually issue: python -m pip install module==specific_version and then let pip do its job in invoking setuptools+wheel to compile from module source; in the meantime, I cross my fingers for things to go as expected , which isn't always the case ; if the compilation succeeds, then pip will store in its cache a copy of the generated wheel, for easy re-usage; the local path to that wheel is being displayed in the command prompt window, so I always grab a copy from there ; of course, this is for pure Python modules, for ones with C/C++ extensions, a compiler must be made available to CPython (as you detailed yourself); CPython > 3.4 requires VS2015+, not compatible with my current OS ... Huh??? The above was meant to be written as: ... are compiled with adang1345's py3.13 (branch) implementation so that was a typo/oversight on my part ; apologies... Ofc I'm aware you've been using 3.13.7 for the win7 (+Vista) yt-dlp variants, that's why I wrote an update was due to recently released 3.13.8 ... ... That's your call, surely, but I'm more of a conservative person myself , who doesn't believe "the latest is the greatest"; however, if you're absolutely certain the yt-dlp code is fully compatible with recently released py3.14 (and the CPython itself doesn't come with any major bug), then go for it ; personally, I'd stick with the minimum CPython version mandated by yt-dlp, soon to be py3.10 (but it's also nice I can experiment with higher versions here, all thanks to adang1345 ) ... Best regards.

I used this: https://github.com/mstorsjo/llvm-mingw The 32bit build was compiled with Python 3.14.0 (x86) from adang1345 on Windows 10 IoT Enterprise LTSC. The 64bit build was compiled with Python 3.14.0 (x86-64) from adang1345 on Windows 7. To let Python use this compiler, place a file named `distutils.cfg` (see below) in `.\Lib\distutils` in Python install directory (create folder `distutils`). [build] compiler = mingw32 Build Brotli: Download source tarball and extract. In source directory run: python setup.py build_ext --compiler=mingw32 install Build wheel: python setup.py build_ext --compiler=mingw32 bdist_wheel In the directory where the built wheel is, run: pip install --force-reinstall brotli-1.1.0-cp314-cp314-win32.whl Huh??? .\yt-dlp_win7.exe -v [debug] Command-line config: ['-v'] [debug] Encodings: locale cp1252, fs utf-8, pref cp1252, out cp1252 (No VT), error cp1252 (No VT), screen cp1252 (No VT) [debug] yt-dlp version nicolaasjan/yt-dlp@2025.10.05.061237 (win7_exe*) [debug] Python 3.13.7 (CPython AMD64 64bit) - Windows-7-6.1.7601-SP1 (OpenSSL 3.0.16 11 Feb 2025) [debug] exe versions: ffmpeg git-2025-10-04-e05f8ac-ffmpeg-windows-build-helpers (fdk,setts), ffprobe git-2025-10-04-e05f8ac-ffmpeg-windows-build-helpers, phantomjs 2.5.0 [debug] Optional libraries: Cryptodome-3.23.0, brotli-1.1.0, certifi-2025.08.03, curl_cffi-0.13.0, mutagen-1.47.0, requests-2.32.5, sqlite3-3.50.4, urllib3-2.5.0, websockets-15.0.1 [debug] Proxy map: {} [debug] Request Handlers: urllib, requests, websockets, curl_cffi [debug] Extractor Plugins: NSigDeno (YoutubeIE) [debug] Plugin directories: C:\Users\Nico\AppData\Roaming\yt-dlp\plugins\bgutil-ytdlp-pot-provider\yt_dlp_plugins, C:\Users\Nico\AppData\Roaming\yt-dlp\plugins\yt-dlp-YTNSigDeno\yt_dlp_plugins [debug] Loaded 1833 extractors And the next Win7 builds will be Py3.14 based.

Hi ; well, cmalex's py3.11.4 assemblies (one compatible with just XP and one with Vista+) aren't currently being hosted on GitHub (AFAIAA), but they can be ; OTOH, adang1345's py3.13.7 assembly is already hosted on GitHub, and so is 3dyd's custom PyInstaller build used to make the Win7/Vista yt-dlp distributions; it may be possible, at least in theory, to author a modded GA workflow file to point to the custom implementations of CPython+PyInst necessary to package the Win7/Vista builds; e.g., upstream are using their own, custom, build of PyInstaller to create the "official" yt-dlp releases; perhaps a consultation with your "AI friend(s)" (or a question on SO, etc.) could prove beneficial in fully automating even the (currently) manually created release assets ; just a thought from a dedicated (hardly intelligent ) friend of yours... Best wishes !

IMO the internet got 'bad' once 'normal' people found it. But I think that is more nostalgia for the most part. As for when that happened, I'd say (at least in the US) that happened once Classmates came around. Everyone who was in high school or college went onto there to keep touch afterwards. That site got stepped on by Facebook which was originally designed for college students, but became so popular that old people joined it to keep in touch with those who were on it. For the current generation that is moving into the world, Facebook is seen as a site for old people which is a quote I've heard from multiple people of the younger generations, an insight I am afforded since I 'moonlight' at an arcade. This is only my perspective on things, but normal/old people from 20 years ago were basically computer illiterate, and astonishingly, people of that same stereotype in the current day are still mostly computer illiterate despite having grown up in with computers in a fully connected world. Combine that with the mentality that corporations have of treating adults (employees) like children and you end up with web technologies designed to protect the computer illiterate but in a fashion doesn't feel like the correct way to do it. I find it amusing that the link to this article on the Guardian brings me to a page where half of it is covered by a blue privacy/cookie notification. But overall I think that there are certainly many good points about how the internet has evolved and it is actually better in many ways now than it used to be. It is certainly more useful, something I didn't really grasp because I never had a mobile phone that was new enough to do anything cool until just recently. I think it will get better and we will figure out how to evolve it to deal with the current issues it has. There are more eyes on it now than ever before and that means more ideas of how to do things will occur. But that doesn't mean that there won't be some new dumb trend that everyone adopts that we'll have to deal with. We may end up looking back and laugh about how we were all bent out of shape about captchas and cookie banners in the face of whatever annoying thing we'll be having to deal with.

I think I am past point of missing old internet. Just trying cling to past and not saying I am missing old internet wont going to help. There were also evil things there like "Only viewable on internet exploder 4 or worse" I admit I used to also fall into that. What is typical problem there is that you keep doing things you totally disagree with and keep saying it. Then one day it hit me. What if instead of trying clinging to past memories I bring past to current. Nobody says you must use Spotispy, or any other things. What if instead of just using what everyone else is using to communicate (whatsapp) or do other stuff you use what you want to use and can be used on systems you have. If you really hate smartphones you don't have to have one, you can get still basic handsets even if live in country where GSM is killed, they are cheap ones usually sold for elderly people. If you hate modern Windows don't use it. Use something like linux mint to do "modern" stuff like filling out tax card, doing banking etc then outside that use whatever system and OS you feel good at. There are many projects that makes them usable. For example Windows 98 can totally be used for tasks with help of Pidgin, Retrozilla 2.3, proper codecs, putty win32 legacy etc. And if you think all your friends will stop talking to you if change way then ask are they really your friends if they will end friendship at that point. Sure there are some limits for what can be considered tolerable. If you would say now I will only communicate with smoke signals then it would be understandable that they are upset. You might think I just lack any friends and I got handful of them only but they are good friends I talk almost daily or hang with whenever just can. Most "friends" I had were just burden to me. If work requires them then you use during working hours as you should always keep work and personal life separate. I use whatever phone and computer employer tells me to during hours my wage is running and when hours are filled I leave them at the office or if home switch off power until next shift. I do not do any of personal work on company laptop or phone since security and not wanting mix up my personal and work life. If you are being your own employer you should still separate work and personal devices for security reasons as having one of them compromised compromises both. As for the web, you don't have to make site that forces SSL, bot protection, requires complex CSS and scripting etc. You can make one very basic. Just don't fall into wannabe 90s geocities site trend. You do not want but million animated gifs and annoying embedded midis into your site or write it with Microsoft RuntPage. I hated those site back then and hate whenever I see one of them today. You should prefer minimalism and avoid going over HTML4 strict. Something like Mozilla composer with css disabled is good starting point if you suck at coding or just want streamline doing site and then just do small fixes by hand with text editor. World is not going to change is nobody does nothing and just sit on their a** and complain. It starts change by making difference yourself.

It 's working here on New Moon.

Updated yt-dlp_Py3.13.7_x86_Vista. (with IOS patch )

... Hi ; most unfortunately, this isn't how things work ; Google , the owners of YouTube, have unleashed a war of annihilation against every kind of YT downloaders and they're NOT excluding/pardoning any of them based on the OS they're compatible with ; and, trust me, every breaking change Google implement (on purpose) isn't meant to leave "older" versions of downloaders unscathed ... XP-compatibility in Q4 of 2025 is also a concern for many Windows apps, not only Video Downloaders... I tend to stay clear of GUI media downloaders, so, alas, if you're in search for one of them, I'm afraid I won't be the person to recommend one to you... My own experience is that most of the GUI YT downloaders are frontends of the well-known CLI (Python) apps youtube-dl and its fork, yt-dlp; the GUI apps either use the standalone youtube-dl.exe or yt-dlp.exe binaries under the hood or use the respective libs inside their source code; as a consequence, whenever Google break youtube-dl/yt-dlp, the apps become broken, too ... Recently, Google implemented a breaking change of a great magnitude, which should explain your observation that yt-dlp and youtube-dl were impacted/broken, too, a stop-gap/interim solution has been implemented for both, but they were actually "stitched back together with duct tape", meaning they can break again at any time... More permanent solutions for YouTube downloading in those apps will leave, probably, any WinOS < Win10 uncovered (too early to tell with absolute certainty, maybe Win7 will be spared, but things are very grim for XP/Vista ) ; at the time of this writing, working versions can be found at: https://github.com/ytdl-org/ytdl-nightly/releases/download/2025.09.29/youtube-dl.exe (official nightly version) https://github.com/nicolaasjan/youtube-dl/releases/download/2025.09.29/youtube-dl.exe (fork of the above with a few custom modifications) https://github.com/nicolaasjan/yt-dlp/releases/download/2025.09.27.071342/yt-dlp_x86_winXP.exe If you're not familiar with those two CLI apps, am afraid this isn't the place to ask for help; however, ample HowTos can be found online with a simple web search, both apps have detailed wiki sections (assuming one already knows to invoke apps from the Windows command prompt) ... For developments related to both youtube-dl+yt-dlp, keep an eye on the dedicated MSFN thread: https://msfn.org/board/topic/184368-who-here-has-a-youtube-dl-compile-for-winxp Best regards ...

... Probably not their work , per se (seeing that they have the Polish flag before their username); published builds there are the impressive work of a Japanese person, whose username (in Japanese) is "あべちん" (that Google translates to "Abechin") ; in fact, I had contacted him some years ago about some issues in his FFmpeg builds, at a time when machine translation wasn't perfect (and AI totally absent); his blog's comment form, e.g. http://blog.k-tai-douga.com/article/191451101.html#comment (Leave a comment) wouldn't accept just Latin characters (I posted in English), so I had to include some Kanji characters, too, for my message to go through ... We did communicate in the end, the problems were mitigated in a future FFmpeg release...

I've tested and verified it with v2.40.4519. Serpent 55 starts and runs.

I had just completed my initial testing of your latest build on this old and under-resourced Vista SP2 32-bit laptop and, thankfully , I couldn't possibly reproduce your initial miserable qjs execution times ; FTR, this machine has a (2007-era) Intel Core2Duo T5250@1.50GHz CPU and 3GiB of DDR2 RAM; I used my stopwatch to time below yt-dlp command: yt-dlp_x86 --ies youtube --js-runtimes quickjs -vF "yrcIdXBwVww" and it actually took just 43s from when I clicked ENTER to full completion: [debug] Command-line config: ['--ies', 'youtube', '-vF', 'yrcIdXBwVww', '--js-runtimes', 'quickjs'] [debug] Encodings: locale cp1253, fs utf-8, pref cp1253, out utf-8 (No VT), error utf-8 (No VT), screen utf-8 (No VT) [debug] yt-dlp version local@2025.10.27 [937b84ddb] (win_x86_exe) [debug] Python 3.14.0 (CPython x86 32bit) - Windows-Vista-6.0.6003-SP2 (OpenSSL 3.0.18 30 Sep 2025) [debug] exe versions: none [debug] Optional libraries: Cryptodome-3.23.0, brotli-1.1.0, certifi-2025.10.05, mutagen-1.47.0, requests-2.32.5, sqlite3-3.50.4, urllib3-2.5.0, websockets-15.0.1, yt_dlp_ejs-0.2.1 [debug] JS runtimes: quickjs-2025-09-13 [debug] Proxy map: {} [debug] Request Handlers: urllib, requests, websockets [debug] Plugin directories: none [debug] Loaded 1 extractors [debug] [youtube] [pot] PO Token Providers: none [debug] [youtube] [pot] PO Token Cache Providers: memory [debug] [youtube] [pot] PO Token Cache Spec Providers: webpo [debug] [youtube] [jsc] JS Challenge Providers: bun (unavailable), deno (unavailable), node (unavailable), quickjs [youtube] Extracting URL: yrcIdXBwVww [youtube] yrcIdXBwVww: Downloading webpage [youtube] yrcIdXBwVww: Downloading tv client config [youtube] yrcIdXBwVww: Downloading player 25f1a420-main [debug] Saving youtube-sts.25f1a420-main to cache [youtube] yrcIdXBwVww: Downloading tv player API JSON [youtube] yrcIdXBwVww: Downloading web safari player API JSON [debug] [youtube] [jsc:quickjs] Using challenge solver lib script v0.2.1 (source: python package, variant: minified) [debug] [youtube] [jsc:quickjs] Using challenge solver core script v0.2.1 (source: python package, variant: minified) [debug] [youtube] [jsc:quickjs] Running quickjs: qjs --script 'C:\Users\<redacted>\AppData\Local\Temp\tmpp_d3itxv.js' [youtube] yrcIdXBwVww: Downloading m3u8 information [debug] Sort order given by extractor: quality, res, fps, hdr:12, source, vcodec, channels, acodec, lang, proto [debug] Formats sorted by: hasvid, ie_pref, quality, res, fps, hdr:12(7), source, vcodec, channels, acodec, lang, proto, size, br, asr, vext, aext, hasaud, id [info] Available formats for yrcIdXBwVww: ID EXT RESOLUTION FPS CH | FILESIZE TBR PROTO | VCODEC VBR ACODEC ABR ASR MORE INFO ------------------------------------------------------------------------------------------------------------------ sb3 mhtml 48x27 0 | mhtml | images storyboard sb2 mhtml 80x45 1 | mhtml | images storyboard sb1 mhtml 160x90 1 | mhtml | images storyboard sb0 mhtml 320x180 1 | mhtml | images storyboard 140 m4a audio only 2 | 3.60MiB 129k https | audio only mp4a.40.2 129k 44k medium, TV, m4a_dash 251 webm audio only 2 | 103.22KiB 4k https | audio only opus 4k 48k medium, TV, webm_dash 91 mp4 256x144 30 | ~ 3.43MiB 123k m3u8 | avc1.4D400C mp4a.40.5 WEB-S 160 mp4 256x144 30 | 801.69KiB 28k https | avc1.4d400c 28k video only 144p, TV, mp4_dash 278 webm 256x144 30 | 806.96KiB 28k https | vp9 28k video only 144p, TV, webm_dash 92 mp4 426x240 30 | ~ 5.41MiB 195k m3u8 | avc1.4D4015 mp4a.40.5 WEB-S 133 mp4 426x240 30 | 1.47MiB 53k https | avc1.4d4015 53k video only 240p, TV, mp4_dash 242 webm 426x240 30 | 1.22MiB 44k https | vp9 44k video only 240p, TV, webm_dash 93 mp4 640x360 30 | ~ 11.03MiB 397k m3u8 | avc1.4D401E mp4a.40.2 WEB-S 134 mp4 640x360 30 | 2.83MiB 102k https | avc1.4d401e 102k video only 360p, TV, mp4_dash 18 mp4 640x360 30 2 | 4.15MiB 149k https | avc1.42001E mp4a.40.2 22k 360p, TV 243 webm 640x360 30 | 2.36MiB 85k https | vp9 85k video only 360p, TV, webm_dash 94 mp4 854x480 30 | ~ 20.21MiB 728k m3u8 | avc1.4D401F mp4a.40.2 WEB-S 135 mp4 854x480 30 | 4.91MiB 177k https | avc1.4d401f 177k video only 480p, TV, mp4_dash 244 webm 854x480 30 | 4.22MiB 152k https | vp9 152k video only 480p, TV, webm_dash 95 mp4 1280x720 30 | ~ 41.07MiB 1479k m3u8 | avc1.64001F mp4a.40.2 WEB-S 136 mp4 1280x720 30 | 10.33MiB 372k https | avc1.64001f 372k video only 720p, TV, mp4_dash 247 webm 1280x720 30 | 9.39MiB 338k https | vp9 338k video only 720p, TV, webm_dash 96 mp4 1920x1080 30 | ~ 81.20MiB 2923k m3u8 | avc1.640028 mp4a.40.2 WEB-S 137 mp4 1920x1080 30 | 20.18MiB 727k https | avc1.640028 727k video only 1080p, TV, mp4_dash 248 webm 1920x1080 30 | 16.53MiB 596k https | vp9 596k video only 1080p, TV, webm_dash 271 webm 2560x1440 30 | 41.46MiB 1494k https | vp9 1494k video only 1440p, TV, webm_dash Those 43s include the time the PyInst binary took to extract its content inside the %TEMP% folder of my Windows User Account ; and this was for the FIRST yt-dlp invocation, next ones took even less ; TL:DR: QuickJS is totally workable here, thanks a lot to you, to the yt-dlp devs and to a certain GitHub member (barracuda156) who actually "fought" to have QJS included as a supported external JS runtime! Below, an actual successful DL log: yt-dlp_x86 --ies youtube --js-runtimes quickjs -vf 140 "yrcIdXBwVww" [debug] Command-line config: ['--ies', 'youtube', '--js-runtimes', 'quickjs', '-vf', '140', 'yrcIdXBwVww'] [debug] Encodings: locale cp1253, fs utf-8, pref cp1253, out utf-8 (No VT), error utf-8 (No VT), screen utf-8 (No VT) [debug] yt-dlp version local@2025.10.27 [937b84ddb] (win_x86_exe) [debug] Python 3.14.0 (CPython x86 32bit) - Windows-Vista-6.0.6003-SP2 (OpenSSL 3.0.18 30 Sep 2025) [debug] exe versions: ffmpeg 5.0 (fdk,setts) [debug] Optional libraries: Cryptodome-3.23.0, brotli-1.1.0, certifi-2025.10.05, mutagen-1.47.0, requests-2.32.5, sqlite3-3.50.4, urllib3-2.5.0, websockets-15.0.1, yt_dlp_ejs-0.2.1 [debug] JS runtimes: quickjs-2025-09-13 [debug] Proxy map: {} [debug] Request Handlers: urllib, requests, websockets [debug] Plugin directories: none [debug] Loaded 1 extractors [debug] [youtube] [pot] PO Token Providers: none [debug] [youtube] [pot] PO Token Cache Providers: memory [debug] [youtube] [pot] PO Token Cache Spec Providers: webpo [debug] [youtube] [jsc] JS Challenge Providers: bun (unavailable), deno (unavailable), node (unavailable), quickjs [youtube] Extracting URL: yrcIdXBwVww [youtube] yrcIdXBwVww: Downloading webpage [youtube] yrcIdXBwVww: Downloading tv client config [debug] Loading youtube-sts.6e4dbefe-main from cache [youtube] yrcIdXBwVww: Downloading tv player API JSON [youtube] yrcIdXBwVww: Downloading web safari player API JSON [youtube] yrcIdXBwVww: Downloading player 6e4dbefe-main [debug] [youtube] [jsc:quickjs] Using challenge solver lib script v0.2.1 (source: python package, variant: minified) [debug] [youtube] [jsc:quickjs] Using challenge solver core script v0.2.1 (source: python package, variant: minified) [debug] [youtube] [jsc:quickjs] Running quickjs: qjs --script 'C:\Users\<redacted>\AppData\Local\Temp\tmp8kc1jvmr.js' [youtube] yrcIdXBwVww: Downloading m3u8 information [debug] Sort order given by extractor: quality, res, fps, hdr:12, source, vcodec, channels, acodec, lang, proto [debug] Formats sorted by: hasvid, ie_pref, quality, res, fps, hdr:12(7), source, vcodec, channels, acodec, lang, proto, size, br, asr, vext, aext, hasaud, id [info] yrcIdXBwVww: Downloading 1 format(s): 140 [debug] Invoking http downloader on "https://rr1---sn-4vguioxu-n3bz.googlevideo.com/videoplayback?expire=1761596706&ei=woD_aJTNJ_eG0u8Psu7R0AE&ip=<redacted>&id=o-ABLy9SDAL9azDltc64Qry1Wjfc2T-ukUkgAK7YIGNBjU&itag=140&source=youtube&requiressl=yes&xpc=EgVo2aDSNQ%3D%3D&met=1761575106%2C&mh=e1&mm=31%2C29&mn=sn-4vguioxu-n3bz%2Csn-nv47lnsk&ms=au%2Crdu&mv=m&mvi=1&pl=22&rms=au%2Cau&initcwndbps=1093750&bui=AdEuB5S9H_ZLOx4DhWandbVVoE2T23TniDsH9dzuJWA1A2BTXilW4PS4MvJfCH8rm5PYm_rkKk1bNbUl&vprv=1&svpuc=1&mime=audio%2Fmp4&ns=3j_zEDpH1UcvQ1PnFTnBiuoQ&rqh=1&gir=yes&clen=3769997&dur=232.896&lmt=1758938329553945&mt=1761574619&fvip=3&keepalive=yes&lmw=1&fexp=51557447%2C51565115%2C51565682%2C51580970&c=TVHTML5&sefc=1&txp=6208224&n=Uyc5Xoc53RETOw&sparams=expire%2Cei%2Cip%2Cid%2Citag%2Csource%2Crequiressl%2Cxpc%2Cbui%2Cvprv%2Csvpuc%2Cmime%2Cns%2Crqh%2Cgir%2Cclen%2Cdur%2Clmt&sig=AJfQdSswRAIgYqAE1n3WKMewWR3MOnwuPURtZm5QnMnZlMtNJQaTmV0CIDbOyrrvXFyR2m1kUheTy_ik6DIXA9UXoZzbOs1ffk3a&lsparams=met%2Cmh%2Cmm%2Cmn%2Cms%2Cmv%2Cmvi%2Cpl%2Crms%2Cinitcwndbps&lsig=APaTxxMwRQIgGZIroMcG7xUvn-eLhnLxe3FP_A-zu5lRB5wrz3pjoEoCIQChTmzqkvfj8R_MXFuYDQ5u9h56fAQdFtIm902IyqUrCg%3D%3D" [debug] File locking is not supported. Proceeding without locking [download] Destination: Patching yt-dlp (silent) [yrcIdXBwVww].m4a [download] 100% of 3.60MiB in 00:00:04 at 782.66KiB/s [FixupM4a] Correcting container of "Patching yt-dlp (silent) [yrcIdXBwVww].m4a" [debug] ffmpeg command line: ffmpeg -y -loglevel repeat+info -i "file:Patching yt-dlp (silent) [yrcIdXBwVww].m4a" -map 0 -dn -ignore_unknown -c copy -f mp4 -movflags +faststart "file:Patching yt-dlp (silent) [yrcIdXBwVww].temp.m4a" ... Which is where I pointed people to in my previous post : So, does the latest QJS (32-bit) launch on WinXP SP3? FWIW, I don't like adding stuff to PATH unless I can't do otherwise; placing the qjs.exe (with its DLL dependency) adjacent to the yt-dlp_x86.exe binary was all it took here ... And a slight word of caution: Of the four external JS runtimes supported by yt-dlp, QJS is the least secure one ; it has no sandbox, needs to write to the host machine's TEMP dir and is subject to some exploits related to Temp files: https://github.com/coletdjnz/yt-dlp-wiki-dev/blob/ejs/EJS.md#notes-3 Myself, I'd ONLY invoke it from the cmdline when I need to use YT, not permanently enable it via a config setting; call me paranoid ... Kind regards.

For the latest version of yt-dlp (2025.10.23) i had to update even my oldstable Debian 11 system (from 3.9 to 3.12.5 - as described nicely here). A little bit complicated and CPU-intense, but it seems to work: yt videos now downloading again without the 403/permission error. Cordial thanks @nicolaasjan and all the other developers!

; and as I had suspected, just the "yt-dlp.exe" file was enough ; and if you 1. delete the 4 wrapper DLLs targeting XP (kernelxp.dll, ntext.dll, psapi.dll, ws2_xx.dll) 2. substitute files python311.dll, _overlapped.pyd, _socket.pyd with their Vista counterparts (thanks, cmalex ), you can even run the "onedir" distribution under Vista SP2 32-bit: yt-dlp -v [debug] Command-line config: ['--ffmpeg-location', '<redacted>\\FFmpeg', '--downloader-args', 'ffmpeg:-v 8 -stats', '-v'] [debug] Encodings: locale cp1253, fs utf-8, pref cp1253, out utf-8 (No VT), error utf-8 (No VT), screen utf-8 (No VT) [debug] yt-dlp version nicolaasjan/yt-dlp@2025.10.13.080600 (win_x86_dir) [debug] Python 3.11.4 (CPython x86 32bit) - Windows-Vista-6.0.6003-SP2 (OpenSSL 3.5.2 5 Aug 2025) [debug] exe versions: ffmpeg n8.1-dev-630-N-121254-g635cb45 (setts), ffprobe n8.1-dev-630-N-121254-g635cb45 [debug] Optional libraries: Cryptodome-3.23.0, brotli-1.1.0, certifi-2025.10.05, mutagen-1.47.0, requests-2.32.5, sqlite3-3.50.4, urllib3-2.5.0, websockets-15.0.1 [debug] Proxy map: {} [debug] Request Handlers: urllib, requests, websockets [debug] Plugin directories: none [debug] Loaded 1834 extractors Usage: yt-dlp_x86 [OPTIONS] URL [URL...] yt-dlp_x86: error: You must provide at least one URL. Type yt-dlp --help to see a list of all options. Best wishes ...

A working browser, reliable virus-checking and the ability to work with 4TB+ HDDs make a computer/operating system useful in 2025 and later, at least for me. WinXP without these three capabilities is of limited use. Two of my computers work already fine with 4TB GPT HDDs under WinXP/2003 (read/write, partitioning. virus-checking, watching movies, Beyond Compare. Sandboxie, etc) WinXP on these 2 computers is "SP3-only", and does not contain "all updates until end of support" nor "all of the extended support updates". My first set of two 4TB GPT HDDs (Master+Backup) was created under WinXP SP3 and Win2003 32bit SP2, with both 4TB HDDs partitioned unaligned, i.e. by setting "Legacy" mode in Paragon HDM12 before creating the partitions. The first set of 4TB HDDs has worked mostly fine under WinXP/2003/Win10. I will now create more sets of 4TB+ GPT HDDs, containing different accumulations of stuff, mainly for use under WinXP/2003. Before starting to partition the 4TB+ HDDs under WinXP/2003, however, I will have to decide on the setting: Legacy [=unaligned] or Vista [=aligned]. The wrong choice may mean that eventually 100TB+ of stuff may have to be copied again Working under WinXP with GPT HDDs <=2TBs is easy, maybe a good exercise for getting acquainted with GPT under WinXP. Working under WinXP with GPT HDDs >2TB, however, is the tricky part. MiniTool Partition Wizard v11.4 (last version for WinXP), for example, doesNOT work under WinXP with GPT HDDs of any size (<=2TB and >2TB): an OK partitioned 4TB GPT HDD gets displayed as having a single partition and nothing happens when you right-click on it. My currently preferred software for creating partitions on 4TB GPT HDDs under WinXP/2003 is Paragon Hard Disk Manager 12 v10.1.19.16240 (Server, 25Nov2012). In PHDM12 the blue screen installer bug of GPT Loader of PHDM11 was fixed, it contains the last version of their old [=well-tested] partitioning engine, no .NET Framework. Paragon removed from PHDM12 the huge Total Defrag component, maybe issues defragging with PHDM11 under WinXP a 4TB GPT HDD?

In my example, it was Ookla.SpeedtestbyOokla, but it can be done for any other app or multiple apps at the same time. I followed this procedure: In the virtual machine in Audit Mode, I copied all the files related to the app in question, plus all the files related to x64 and x86 dependencies, to the main C directory. Along with the files, the app installation file with all dependencies must be present, which is the file in PowerShell (Install-Ookla.ps1). All files must be removed when the entire procedure is complete. This can be launched via a DOS command. PowerShell.exe -ExecutionPolicy Bypass -File C:\Install-Ookla.ps1 If we need to install multiple apps, for which there are multiple .ps1 installation files, we can use a single batch command to launch them all in sequence. Below, I have included the two sample scripts. PS1 installation file (Ookla.SpeedtestbyOokla) https://justpaste.it/aushf Unified batch script for multiple apps (personal example) https://justpaste.it/dbisn

98, SE, and ME do have VirtualAllocEx, only 95 doesn't. Use ImportPatcher or Dependency Walker to find all missing functions. If there are only a few, I can write a wrapper.

ProxHTTPSProxy and HTTPSProxy in Windows XP for future use 0. Table of Contents 0. Table of Contents 1. Introduction 2. Purpose of ProxHTTPSProxy and HTTPSProxy 3. Area of application 4. The TLS protocols and their cipher suites 5. Certificates - CA and Root Certificates 5.1. The CA certficate of ProxHTTPSProxy 5.2. The Root Certificates of Windows XP 6. The TLS 1.2 proxies ProxHTTPSProxy and HTTPSProxy 6.1. Prerequisites 6.1.1. Detailed information 6.2. Installation 6.3. Configuration 6.3.1. Configuration of ProxHTTPSProxy 6.3.2. Configuration of HTTPSProxy 6.3.3. Configuration of these proxies to access the MU website successfully nowadays 6.4. Usage 6.4.1. Usage of ProxHTTPSProxy 6.4.2. Usage of HTTPSProxy 6.5. Maintenance of ProxHTTPSProxy and HTTPSProxy for future use 7. The TLS 1.2 proxy ProxHTTPSProxy's PopMenu 3V1 7.1. Prerequisites 7.2. Purpose and components of ProxHTTPSProxy's PopMenu 3V1 7.3. Features of ProxHTTPSProxy's PopMenu 3V1 7.4. Changelog of ProxHTTPSProxy's PopMenu 3V1: 7.5. Installation and configuration of ProxHTTPSProxy's PopMenu 3V1 7.6. Tranferring all settings of an existing ProxHTTPSProxy's installation 7.7. Usage of ProxHTTPSProxy's PopMenu 3V1 8. The TLS 1.3 proxy ProxyMII 8.1. Prerequisites 8.2. General information about ProxyMII 8.3. Specific information about the different ProxyMII releases 8.3.1 ProxyMII (20220717) 8.3.2 ProxyMII (20230813) 8.4. How to set up and use the TLS 1.3 proxy ProxyMII 9. The TLS 1.3 proxy ProxHTTPSProxy's PopMenu TLS 1.3 9.1. Prerequisites 9.2. General information about ProxHTTPSProxy's PopMenu TLS 1.3 9.3. ProxHTTPSProxy's PopMenu TLS 1.3 3V3 9.3.1. Features of ProxHTTPSProxy's PopMenu TLS 1.3 3V3 9.3.2. Changelog of ProxHTTPSProxy's PopMenu TLS 1.3 3V3 9.3.3. Installation and start of ProxHTTPSProxy's PopMenu TLS 1.3 3V3 10. Versions 10.1. Versions of the TLS 1.2 proxies ProxHTTPSProxy, HTTPSProxy, and ProxHTTPSProxy's PopMenu 10.2. Versions of the TLS 1.3 proxies ProxyMII and ProxHTTPSProxy's PopMenu TLS 1.3 11. Downloads 11.1. Archived Downloads {obsolete}: 11.2. Latest Downloads 11.2.1. Downloads related to the TLS 1.2 proxies 11.2.1.1. Downloads related to ProxHTTPSProxy 11.2.1.2. Downloads related to HTTPSProxy 11.2.2. Downloads related to the TLS 1.3 proxies 11.2.3. Downloads related to cacert.pem Certificate Update 11.2.4. Downloads related to Root Certificate Updates 12. Update notifications 13. Conclusion 14. Disclaimer 1. Introduction: The idea of this thread is to provide information and recent findings I've made relating to the TSL proxies ProxHTTPSProxy and HTTPSProxy. Due to the fact that I don't use other older NT based Operation Systems (OSs) except Windows XP Professional all my observations and explanations are referring to both proxies in Windows XP only. So, please do not comment off-topic in this thread! I am AstroSkipper, a member of MSFN since 2010, and was involved in restoring of access to the Microsoft Update (MU) website in Windows XP (and some other OSs). This is the thread: https://msfn.org/board/topic/178377-on-decommissioning-of-update-servers-for-2000-xp-and-vista-as-of-july-2019/ While restoring MU in my own Windows XP Professional system, I had to solve a lot of problems and had among other things some significant findings relating to ProxHTTPSProxy and HTTPSProxy, too. The above mentioned thread is now over 140 pages long and unfortunately very bloated. In most cases visitors or members of MSFN don't want to read that much of pages for getting information they have looked for. A lot of comments are part of conversations which no longer can be retraced or understood easily by people who weren't participated. Therefore, I wanted to make my own findings accessible to all interested people in a clear, short way. That's why I decided to make my own thread to provide some facts, tips and especially news referring to these proxies. It is an unfortunate circumstance that the creators of ProxHTTPSProxy and HTTPSProxy, @heinoganda and @Thomas S., haven't been here for a long time and no further development of these proxies has been made the last years. Of course, we thank both creators explicitly for these outstanding proxies, we are very glad to have them, but they have to be used as they are. For this reason, we have to ask ourselves whether they'll continue doing their job in the future or not. But maybe some of you don't really know what actually their job is. 2. Purpose of ProxHTTPSProxy and HTTPSProxy: Originally, ProxHTTPSProxy was created for Proxomitron as an SSL Helper Program. Proximotron is a local HTTP web-filtering proxy. Here are two links about Proxomitron: http://www.buerschgens.de/Prox/index.html (German website, use Google Translator if necessary) and https://msfn.org/board/topic/183295-web-browser-proxomitron-reborn-ptrongui-a-how-to-guide/. This is a quotation from a post of the developer called "whenever" who had made ProxHTTPSProxy originally: Source link: https://prxbx.com/forums/showthread.php?tid=1618. Here is an image to show how ProxHTTPSProxy works: ProxHTTPSProxy and HTTPSProxy were created by our members mentioned above to provide modern nag-free HTTPS connections for an HTTP proxy. The main purpose in Windows XP is in adding modern ciphers to HTTPS connections of the Internet Explorer (IE) to improve either its missing TLS 1.2 functionality or its rudimentary TLS 1.2 functionality last added by Microsoft after installing some relevant POSReady updates (KB4230450, KB4316682 and KB4019276). Here is a link with further information how TLS 1.1 and TLS 1.2 can be enabled in Windows XP: https://msfn.org/board/topic/178092-enable-tls-11-and-12-in-windows-xp-correctly/?do=findComment&comment=1158544. The original ciphers of IE are outdated and therefore a lot of websites can't be accessed or they don't work properly due to SSL issues. More information about these proxies you can find in the original thread: https://msfn.org/board/topic/176344-problems-accessing-certain-sites-https-aka-tls/. 3. Area of application: As already said, the main purpose of these proxies is in adding modern ciphers to HTTPS connections of IE to improve either its missing TLS 1.2 functionality or its rudimentary TLS 1.2 functionality last added by Microsoft after installing some relevant POSReady updates. Therefore, ProxHTTPSProxy or HTTPSProxy is often used in combination with IE to access websites which couldn't be called up by IE without it. Some programs use Internet Explorer's browser engine called Trident to get data from Internet, to search something or to check for updates. For example my favourite movie database program All My Movies™ checks for updates using IE engine. Without one of these proxies it will fail. Some e-mail clients like eM Client or Eudora are using IE engine too. Some browsers like 360 Extreme Explorer are able to use IE engine for surfing. Another new purpose is to access Microsoft Update to look for updates. As I mentioned above I was involved in restoring of access to the Microsoft Update (MU) website in Windows XP (and some other OSs), and we were successful by now. If you're interested in restoring MU functionality, I've written a little guide with the title "Complete guide for restoring IE's access to WU/MU website using ProxHTTPSProxy or HTTPSProxy in Windows XP" which can be found here: https://msfn.org/board/topic/183498-general-and-specific-solutions-for-problems-regarding-auwumu-in-windows-xp/?do=findComment&comment=1216509 This thread is about different proxies to establish secure connections to servers or, more generally, to the internet. You often read about TLS, cipher suites, and certificates here. Therefore, I disseminate here some information about these "termini technici" for those who do not know exactly what is meant by them. 4. The TLS protocols and their cipher suites If you research the term TLS on the internet, you will get a lot of information, sometimes very simply presented, sometimes very technical, more for IT experts. With this small article, which can be seen more as a summary, I try to provide a little more transparency in this stuff. Transport Layer Security, abbreviated TLS, is a protocol for the authentication and encryption of Internet connections. For this purpose, TLS is inserted as its own layer between TCP and the protocols of the application layer. Here is a linked graphic to make it more clear: The individual tasks include authentication, certification, key exchange, integrity assurance and encryption. The main tasks are to guarantee the authenticity of the contacted remote stations, in most cases a server, by means of a certificate and to encrypt the connection between the remote stations. Here is a second linked graphic to demonstrate the actions and reactions in the communication between a client and a server: The used protocol defines the basic communication for the connection and is as crucial for a secure connection as the encryption protocol itself. Due to a series of vulnerabilities, the SSL2 and SSL3 protocols must be considered a security vulnerability and should be avoided at all costs. The successor to SSL3, TLS 1.0 should also be avoided, as the protocol offers a method to downgrade an established TLS 1.0 connection to SSL3. Thus, the connection is again vulnerable to the vulnerabilities that affect SSL3. Unfortunately, its successor TLS 1.1 is also no longer up to date and should be rather avoided nowadays. For a long time, the TLS 1.2 protocol was considered secure and therefore recommended. It offers a number of improvements that should ensure the security of connections again. In general, each new SSL or TLS version has brought additional features and options, making configuration a little more confusing, implementation more error-prone and handling more tedious. Overall, the use of TLS has become more insecure. With TLS 1.3, this should change, at best. Or, this was and is the actual goal, at least. For this reason, every single function of TLS has been tested for its security benefits and risks. In the process of development and in regard to the present knowledge, some parts were removed that no longer offer security and some of which are now also considered insecure. At the same time, security was improved with new procedures. Furthermore, measures for performance optimisation and preventive hardening measures for future attacks were taken into account. TLS 1.3 breaks backwards compatibility for the first time, which unfortunately causes some problems in practice. Connections with TLS 1.3 can be interrupted either because the connection is not accepted en route or due to a defective web server. Anyway, the protocols TLS 1.2 and, above all, TLS 1.3 are recommended as secure protocols nowadays. Here is a list of typical protocols and their cipher suites used by the TLS 1.3 proxy of my current program package ProxHTTPSProxy's PopMenu TLS 1.3 3V3 as an example. It's a screenshot taken from the website https://browserleaks.com/ssl: In the screenshot above, you can see many so called cipher suites belonging to specific TLS protocols. A cipher suite is a standardised collection of cryptographic procedures (algorithms) for encryption. In the Transport Layer Security (TLS) protocol, the cipher suite specifies which algorithms are to be used to establish a secure data connection. A cipher suite is generally displayed as a long string of seemingly random information but each segment of that string contains essential information. Generally, this data string is made up of several key components: The used protocol, in most cases TLS. The key exchange algorithm dictates the manner by which symmetric keys will be exchanged such as RSA, DH, DHE, ECDH, ECDHE. The authentication algorithm dictates how server authentication and (if needed) client authentication will be carried out such as RSA, DSA, ECDSA. The bulk encryption algorithm dictates which symmetric key algorithm will be used to encrypt the actual data such as AES, 3DES, CAMELLIA. The Message Authentication Code (MAC) algorithm dictates the method the connection will use to carry out data integrity checks such as SHA, SHA256, MD5. In some cases, there is an Elliptic Curve Cryptography (ECC) which is an encryption technique that provides public-key encryption similar to RSA. While the security strength of RSA is based on very large prime numbers, ECC uses the mathematical theory of elliptic curves and achieves the same security level with much smaller keys. Here are three linked graphics to illustrate these strings with examples: 5. Certificates - CA and Root Certificates Although Windows XP was abandoned and updates of root certificates were not provided anymore by Microsoft for this OS, we still found ways to update them. And, if we want to install one of our TLS proxies, we have to install a CA certificate to get them working. In both cases, certificates are needed, and this short article is intended to shed some light on this certificate jungle with regards to our TLS proxies. 5.1. The CA certficate of ProxHTTPSProxy A certificate authority (CA) is a trusted entity that issues digital certificates. These are files that cryptographically link an entity to a public key. Certificate authorities are an important part of the Internet's Public Key Infrastructure (PKI) because they issue the Secure Sockets Layer (SSL) certificates that browsers use to authenticate content sent from web servers. All popular web browsers use web servers' SSL certificates to keep content delivered online secure. They all need to trust certificate authorities to issue certificates reliably. SSL certificates are used in conjunction with the Transport Layer Security (TLS) protocol to encrypt and authenticate data streams for the HTTPS protocol, and are therefore sometimes referred to as SSL/TLS certificates or simply TLS certificates. The first time ProxHTTPSProxy is started, it creates the keys for a certificate authority in its program directory if there is none. This file CA.crt is used for on-the-fly generation of dummy certificates for each visited website which are stored in the subfolder Certs. And, there is a second file called cacert.pem located in ProxHTTPSProxy's program directory. This file cacert.pem contains the currently valid root certificates (will be considered in more detail below) used by the proxy to verify the server connections. Since your browser won’t trust the ProxHTTPSProxy's CA certificate out of the box, you will either need to click through a TLS certificate warning on every domain, or install the CA certificate once so that it is trusted. It has to be installed in the Trusted Root Certification Authority of Windows XP and in some cases additionally in the Certificate Manager of a browser as in the cases of New Moon, Pale Moon, Firefox, and others. The Internet Explorer doesn't possess an own certificates store and uses the Trusted Root Certification Authority of Windows XP. Typically, digital certificates contain data about the entity that issued the certificate and cryptographic data to verify the identity of the entity, including the entity's public key and expiration date for the certificate, as well as the entity's name, contact information, and other information associated with the certified entity. Web servers transmit this information when a browser establishes a secure connection over HTTPS. In doing so, they send to it the certificate and the browser authenticates it using its own root certificate store. The following graphic illustrates the structure of a Certificate Authority as for example GlobalSign: SSL/TLS certificates are based on PKI as mentioned above, and there are a few key parts that need to be in place for the SSL certificate to work: A digital certificate (for example, an SSL/TLS certificate) that proves the website’s identity. A certificate authority that verifies the website and issues the digital certificate. A digital signature that proves the SSL certificate was issued by the trusted certificate authority. A public key that your browser uses to encrypt the data sent to the website. A private key that the website uses to decrypt the data sent to it. Here is another graphic to illustrate the role that a certificate authority (CA) plays in the Public Key Infrastructure (PKI): When installing such CA certificates in Windows XP manually, then there is something else to note. It can be of crucial importance whether one installs a root certificate under the account of the Current User or Local Computer. In this article a little further down, you can find more information on that. Furthermore, exiting ProxHTTPSProxy completely, deleting the old CA.cert file in ProxHTTPSProxy's program directory, and restarting ProxHTTPSProxy will result in the generation of a new CA.crt that will be valid for another ten years. In addition, the certificate bundle cacert.pem should be updated, at best regularly. You can do that with the tool cacert Updater Fixed which can be found in the download section 11.2.3. Downloads related to cacert.pem Certificate Update. This tool is also included in my program package ProxHTTPSProxy's PopMenu. And, that is the moment to note something very important. Any change to a ProxHTTPSProxy installation regarding the CA certificate or a severe system crash while one of the proxies is running in the background always requires a reset of all dummy certificates in the Certs subfolder. The word "reset" at this point means deleting all certificates that have been created in the Certs folder, manually by the user. The next time the proxy is started correctly, all necessary certificates will be created again when the corresponding websites are accessed. Here are a few screenshots of ProxHTTPSProxy's CA certificate (German edition of Windows XP, sorry!): 5.2. The Root Certificates of Windows XP In cryptography and computer security, a root certificate is a public key certificate that identifies a root certificate authority (CA). Root certificates are self-signed and form the basis of an X.509-based PKI. Either it has matched Authority Key Identifier with Subject Key Identifier, in some cases there is no Authority Key identifier, then Issuer string should match with Subject string (RFC 5280). For instance, the PKIs supporting HTTPS for secure web browsing and electronic signature schemes depend on a set of root certificates. A certificate authority can issue multiple certificates in the form of a tree structure. A root certificate is the top-most certificate of the tree, the private key which is used to "sign" other certificates. All certificates signed by the root certificate, with the "CA" field set to true, inherit the trustworthiness of the root certificate. A signature by a root certificate is somewhat analogous to "notarizing" identity in the physical world. Such a certificate is called an intermediate certificate or subordinate CA certificate. Certificates further down the tree also depend on the trustworthiness of the intermediates. The following graphic illustrates the role of a root certificate in the chain of trust: The root certificate is usually made trustworthy by some mechanism other than a certificate, such as by secure physical distribution. Root certificates are distributed in Windows XP by Microsoft and located in special certificate stores. These certificate stores may be viewed through the Certificates snap-in Certmgr.msc in the Microsoft Management Console (MMC). You can open the Certificates console focused on the Current User on a Windows XP computer by executing Certmgr.msc in the Run dialog box. Here is a screenshot of what you see running this command (German edition of Windows XP, sorry!): The root certificates of Windows XP can be updated by @heinoganda's Certificate Updater, @Thomas S.'s CAupdater, or by my self-created Root Certificate and Revoked Certificate Updaters, in all cases to the most recent ones provided by Microsoft. These updaters can be found in the download section under 11.2.4. Downloads related to Root Certificate Updates. There is no automatism for this updating. It must be done manually by the user and, if possible, regularly. @heinoganda's Certificate Updater is also included in my program package ProxHTTPSProxy's PopMenu. And now, back to our proxies. 6. The TLS 1.2 proxies ProxHTTPSProxy and HTTPSProxy 6.1. Prerequisites: A CPU with SSE2 instruction set is required to run the more recent versions of these TLS 1.2 proxies under Windows XP. 6.1.1. Detailed information: Testing system: Windows XP Professional SP3 POSReady with an AMD Athlon XP 3200+ (Thoroughbred), an old CPU providing SSE, but lacking of SSE2 instruction set. After testing of all proxies mentioned in this article, I can confirm that all @heinoganda's releases ProxHTTPSProxy REV3b, ProxHTTPSProxy REV3d, ProxHTTPSProxy REV3e and @Thomas S.'s release HTTPSPoxy in version HTTPSProxy_Launcher_v2_2018-11-06 require a CPU with SSE2 instruction set. All these proxies crashed when starting 'ProxHTTPSProxy.exe' or 'HTTPSProxy.exe'. But @whenever's release ProxHTTPSProxyMII 1.3a could be started without crashing, and after testing I can confirm this proxy is fully compatible with a CPU possessing SSE instruction set only. Therefore, this proxy can be used in such old systems, but only if absolutely necessary. For safety reasons. More detailed information below in the section 10.1. Versions of the TLS 1.2 proxies ProxHTTPSProxy, HTTPSProxy, and ProxHTTPSProxy's PopMenu. 6.2. Installation: The program packages provide documents and instructions, actually sufficient. Both proxies do not need any installation. There is no setup installer. They are fully portable with a few exceptions. The user has to edit the config file according to his needs, he should update a special certificate called 'cacert.pem' and he has to install the proxy's root certificate properly in any case. But to avoid unnecessary repetitions, I'll come back to that later in the section 6.3. Configuration. The location of their program folder can be chosen freely. For this purpose, I've created a folder "Portable" in my system partition. I have created this folder to remind me that programs inside folder Portable do not have to be uninstalled. 6.3. Configuration: The configurations of these proxies are a bit different. 6.3.1. Configuration of ProxHTTPSProxy: - Install ProxHTTPSProxy's root certificate 'CA.crt' under the Trusted Root Certification Authority manually or apply 'ProxHTTPS Cert Install.exe'. Alternatively you can use the more recent ProxHTTPSProxy Cert Installer which has been modified and updated by me. You can find it in the section 11.2.1.1. Downloads related to ProxHTTPSProxy. - Edit the config file 'config.ini' according to your needs. More detailed explanations at the end of this section. - Update the certificate 'cacert.pem' by downloading and inserting it manually (see cacert Update.txt) or automatically by applying 'cacert_Updater.exe'. Due to the circumstance that @heinoganda's original cacert Updater doesn't work anymore, I have fixed it. This "cacert Updater Fixed" can be downloaded in the section 11.2.3. Downloads related to cacert.pem Certificate Update. 6.3.2. Configuration of HTTPSProxy: - Generate a new HTTPSProxy's root certificate 'HTTPSProxyCA.crt' by opening 'HTTPSProxy.exe' and closing its window when the process is over. - Install HTTPSProxy's root certificate 'HTTPSProxyCA.crt' under the Trusted Root Certification Authority manually. Alternatively you can use the brand new HTTPSProxy Cert Installer which has been created by me. You can find it in the section 11.2.1.2. Downloads related to HTTPSProxy. - Edit the config files 'config.ini' and 'Launcher.ini' according to your needs. More detailed explanations at the end of this section. - Update the certificate 'cacert.pem' by downloading from url https://curl.se/ca/cacert.pem and inserting it manually (see Installation-Update_EN.txt) or automatically by clicking cacert.pem update in Launcher's menu. - Execute the reg file 'Inet_CurUser_ProxySettings.reg'. Both proxies have got a config file called 'config.ini'. The following parameters of the proxy can be specified there:: ProxAddr, FrontPort, BackPort, LogPort and LogLevel. Look into this file and you'll get short descriptions of these parameters. Furthermore there are special sections titled [SSL No-Verify], [BLACKLIST], [SSL Pass-Thru] and [BYPASS URL]. In these sections url addresses can be inserted letting the proxy know how to perform them. HTTPSProxy has a second config file called 'Launcher.ini'. Here you can set up the Launcher of HTTPSProxy. A short description can be read at the beginning of each file section. Here you can see HTTPSProxy's config file similar to the one of ProxHTTPSProxy: More detailed information about the parameters and sections can be found in their doc files. Both proxies can be set as system-wide proxies using the executable proxycfg.exe. Here are proxycfg's command line parameters: The command proxycfg displays the current WinHTTP proxy settings. The command proxycfg -d specifies that all HTTP and HTTPS servers should be accessed directly. Use this command if there is no proxy server. The command proxycfg -p proxy-server-list optional-bypass-list specifies one or more proxy servers, and an optional list of hosts that should be accessed directly. If a proxy server is not specified for a given protocol and that server is not in the bypass list, the -p option specifies that the server cannot be accessed at all. The command proxycfg -d -p proxy-server-list optional-bypass-list specifies one or more proxy servers, and an optional list of hosts that should be accessed directly. If a proxy server is not specified for the given protocol, the -d option specifies that the server should be accessed directly instead. The command proxycfg -u imports the Internet Explorer proxy settings of the current user. WinHTTP does not support auto-discovery and configuration script-based proxy settings. So far so good, but unfortunately that's not the whole truth. 6.3.3. Configuration of these proxies to access the MU website successfully nowadays: The MU website can be accessed only by IE, but nowadays it needs the more recent cryptographic protocol TLS 1.2. That's the reason why MU wasn't available in the past. Therefore we have to use one of these proxies to gain access. If all steps of my Complete guide for restoring IE's access to WU/MU website using ProxHTTPSProxy or HTTPSProxy in Windows XP have been performed properly, you would like to call up MU website. But in some cases problems could occur. One of them is to get a MU website with output of error code 0x80072f8f (hexadecimal notation). I had examined this error deeply and could solve it. But what does that have to do with our proxies? Of course a lot, otherwise I wouldn't have mentioned it. Here you can read my short post "Final fix of error code 0x80072f8f while accessing WU or MU website": https://msfn.org/board/topic/178377-on-decommissioning-of-update-servers-for-2000-xp-and-vista-as-of-july-2019/?do=findComment&comment=1213188 The steps in order: Delete the old CA.cert file in ProxHTTPSProxy's program folder. Delete all certificates in ProxHTTPSProxy's certs subfolder. Update the certificate cacert.pem. Run the executable ProxHTTPSProxy.exe. A new ProxHTTPSProxy CA certificate CA.crt valid for another ten years has been generated. Import this new ProxHTTPSProxy CA certificate to Trusted Root Certification Authority but under the account local computer. And exactly here lies the problem. You have to import this certificate in a special way to ensure it is really installed in Trusted Root Certification Authority under the account local computer. Otherwise, it can happen that this certificate is installed in Trusted Root Certification Authority under the account current user. And that is definitely the cause of error code 0x80072f8f. No one had told us where this certificate has to be installed to. No hints in the doc files of both proxies. And, how can we do that? Here are the detailed steps using the Microsoft Management Console: Open console by typing mmc. Add a snap-in for certificates. Choose for local computer. Import your recently generated ProxHTTPSProxy CA certificate to Trusted Root Certification Authority. Finished. Now, we have to modify the config file. Alternatively you can use my pre-configured config files in the section 11.2.1. Downloads related to the TLS 1.2 proxies. Open the file config.ini in an editor of your choice. Add these urls under the section [SSL No-Verify]: urs.microsoft.com c.microsoft.com* *one.microsoft.com* download.windowsupdate.com cc.dcsec.uni-hannover.de fe2.ws.microsoft.com *update.microsoft.com ds.download.windowsupdate.com - Save your changes. - Finished. Of course, same procedure for HTTPSProxy with one exception: HTTPSProxy's root certificate is named HTTPSProxyCA.crt. Fixing error code 0x80072f8f leads to fixing another problem and that is the validity of Proxy's root certificate. From now on a freshly generated root certificate of ProxHTTPSProxy or HTTPSProxy valid for another ten years will be fully functional because we finally know where it exactly has to be imported to. Maybe, you understand now how important it is to configure these proxies properly. Otherwise, they wouldn't work flawlessly. In the section 11.2.1. Downloads related to the TLS 1.2 proxies, I provide separate CA Certificate Installer and Uninstaller for both proxies. They have been created by me for the people who do not dare to generate and install certificates themselves. Due to a modification made by me, these installers and uninstallers do now their job properly, i.e. the certificate installation will be definitely performed in the Trusted Root Certification Authority under the account local computer. If you asked me which kind of certificate installation you should choose, I would recommend the manual method. For security reasons only. The installers contain a pre-generated root certificate of its proxy which will be installed properly. But as a result all users of these installers will have got the same certificate unfortunately. Normally, no good. But, do we really want to spy each other? I don't think so. On the other hand, using the manual method we all will have an unique certificate without any risks. So it's up to you! 6.4. Usage: The usage of these proxies is very simple but a bit different. 6.4.1. Usage of ProxHTTPSProxy: The best way to start ProxHTTPSProxy is to execute the file ProxHTTPSProxy_PSwitch.exe. In this case, ProxHTTPSProxy will set up itself automatically and delete its settings when closing. You can check the settings of ProxHTTPSProxy in Internet Options of IE. Here is a screeshot of ProxHTTPSProxy's program window: 6.4.2. Usage of HTTPSProxy: The way to start HTTPSProxy is a bit different. For starting it, you have to simply drag the executable HTTPSProxy.exe onto a second executable Launcher.exe by drag & drop and a new system tray icon appears. Via this icon, all available options of HTTPSProxy's Launcher are accessible. There are a lot of options: HTTPSProxy exit, HTTPSProxy restart, HTTPSProxy show, HTTPSProxy hide, HTTPSProxy launch with Windows, config.ini edit, cacert.pem update, HTTPSProxy enabled - settings - log, Update Windows root CAs, Launcher.ini edit and so on. Here are some screenshots of HTTPSProxy: Launcher's menu: HTTPSProxy - switched on and switched off: HTTPSProxy's program window: HTTPSProxy while accessing MU: If connection errors occur, you can check the settings of HTTPSProxy in Internet Options of IE and set them manually or automatically by applying reg file 'Inet_CurUser_ProxySettings.reg'. And now one important hint. If you want to use both proxies in your system, you mustn't run them in RAM at same time! Otherwise the selected proxy won't work at all. You have to close the unused proxy to use the other. Keep that in mind! 6.5. Maintenance of ProxHTTPSProxy and HTTPSProxy for future use: We have to carry out a bit of maintenance to ensure that these proxies are working properly. First of all, the system's root certificates should be updated every three months. If you have not done that yet, you can use one of the root certificate updater in the section 11.2.4. Downloads related to Root Certificate Updates where different online and offline versions can be downloaded from. Then you should check following list: Regular update of the file 'cacert.pem'. Maintenance and check of the file config.ini according to your needs. Checking the validity of the proxy's root certificate. Deleting of all certificates in the folder 'Certs' if the proxy isn't working properly. Checking the state of the Proxy in IE or in your system. 7. The TLS 1.2 proxy ProxHTTPSProxy's PopMenu 3V1 7.1 Prerequisites: A CPU with SSE2 instruction set is required to run this TLS 1.2 proxies under Windows XP. 7.2. Purpose and components of ProxHTTPSProxy's PopMenu 3V1: This is the first release of ProxHTTPSProxy's PopMenu 3.0 in version 1.0.0.0 shortened 3V1. ProxHTTPSProxy's PopMenu 3V1 is a one-click menu in systray to access and control @heinoganda's ProxHTTPSProxy REV3e. ProxHTTPSProxy's PopMenu 3V1 is a synthesis of self-programmed executables, a very few commands, credits to @AstroSkipper at MSFN, and the freeware PopMenu 3.0, credits to Jochanan Agam at freeware.persoft.ch. All the information I spread about ProxHTTPSProxy in the sections above is of course also valid for ProxHTTPSProxy's PopMenu. 7.3. Features of ProxHTTPSProxy's PopMenu 3V1: ProxHTTPSProxy's PopMenu is not a classical launcher, it is rather a systray popup menu. It can be totally customized and continuously extended according to user's needs due to its modular structure, therefore much more flexible than a classical, compiled launcher. More features can be added easily without touching existent code. Due to ProxHTTPSProxy's PopMenu's modular structure the user can change, add, delete and reorder features. Even the icons in menu can be changed easily by the user. Here is the complete list of features implemented in ProxHTTPSPoxy's PopMenu 3v1: Start ProxHTTPSPoxy Stop ProxHTTPSPoxy Hide ProxHTTPSPoxy Show ProxHTTPSPoxy Check if ProxHTTPSPoxy is running (in RAM) cacert.pem Update Root Certificates Update Open IE Proxy settings Close IE Proxy settings Check system proxy status Enable ProxHTTPSProxy system-wide Disable ProxHTTPSProxy system-wide Edit config.ini Read documentation And here is a screenshot of ProxHTTPSProxy's PopMenu 3V1: ProxHTTPSPoxy's PopMenu is provided together with ProxHTTPSProxy REV3e. This new archive called "ProxHTTPSProxy_REV3e_PopMenu_3V1" has been additionally updated by me. These are the changes to original package of @heinoganda: 7.4. Changelog of ProxHTTPSProxy's PopMenu 3V1: @heinoganda's Certificate Updater 1.6 added. Old CA Root Certificate CA.crt replaced by new one valid until 02/19/2032. ProxHTTPSProxy CA Certificate Installer and Uninstaller replaced by more recent ones corresponding to pre-generated CA Root Certificate valid until 02/19/2032. Old cacert Updater removed, recreated cacert Updater Fixed added. cacert.pem updated to most recent one. Alternative latest cacert.pem dated of 2022-04-26 from Mozilla added with download url. All self-programmed executables of ProxHTTPSPoxy's PopMenu 3v1 created in two different versions, UPX and noUPX, following the spirit of ProxHTTPSPoxy's creator. 7.5. Installation and configuration of ProxHTTPSProxy's PopMenu 3V1: 1. Unpack archive and copy the complete folder ProxHTTPSProxy_REV3e_PopMenu_3V1_noUPX or ProxHTTPSProxy_REV3e_PopMenu_3V1_UPX (or its complete content) to desired location. 2. Although both, ProxHTTPSProxy REV3e and ProxHTTPSPoxy's PopMenu 3V1, are fully portable, the config file of program PopMenu has to be adjusted to new location. This can be done manually or much more comfortable automatically by a tool I created for this purpose only. Go to subfolder PopMenu and execute "Configure PopMenu.exe". This procedure will always set the menu back to default settings. If you modified the menu in the past to your needs, you have to adjust the config file "PopMenu.ini" manually, otherwise you'll lose your modifications. In any case the paths in config file "PopMenu.ini" have to be adjusted when the complete program folder (or its complete content) was copied to a new location. 7.6. Tranferring all settings of an existing ProxHTTPSProxy's installation: Copy the files "CA.crt" and "config.ini" from old installation folder to new one. Same with complete subfolder "Certs". Doing it in that way you won't lose any old settings. 7.7. Usage of ProxHTTPSProxy's PopMenu 3V1: To start ProxHTTPSPoxy's PopMenu, just apply "ProxyPopMenu.exe" in main program folder ProxHTTPSProxy_REV3e_PopMenu_3V1_noUPX or ProxHTTPSProxy_REV3e_PopMenu_3V1_UPX. ProxHTTPSPoxy's PopMenu can be set to "Start automatically at Windows startup" in context menu item "Settings" which is called up by right-clicking systray icon. Here the PopMenu can be configured generally. ProxHTTPSPoxy's PopMenu has been pre-configured by me. The provided functions (items) corresponding to their labels are in most cases self-programmed executables and in a very few inserted commands. All items of ProxHTTPSPoxy's PopMenu are generally self-explanatory. Feel free to click on them and test them! If you click on item "Enable ProxHTTPSProxy system-wide", my program checks whether ProxHTTPSProxy is running or not. If not, it will be started immediately. This is necessary to set ProxHTTPSProxy to mode system-wide or setting process would fail. And one recommendation: Do not change or modify files in subfolder PopMenu and keep the file or folder structure inside main folder, otherwise the ProxHTTPSProxy's PopMenu won't work properly! If you want to modify the menu, do it in PopMenu's "Settings". But you have to know what you do otherwise ProxHTTPSPoxy's PopMenu won't work as expected. ProxHTTPSProxy's PopMenu itself has a very low usage of RAM. It's only about 2 MB. The download link of ProxHTTPSProxy's PopMenu 3V1 can be found in the section 11.2.1.1. Downloads related to ProxHTTPSProxy. 8. The TLS 1.3 proxy ProxyMII 8.1. Prerequisites: ProxyMII was created by Python 3.7.1 which requires Microsoft Visual C++ 2015 Redistributable or Microsoft Visual C++ 2015-2019 Redistributable (latest version 14.28.29213.0). Check if it is installed in your system! 8.2. General information about ProxyMII: ProxyMII is a proxy based on ProxHTTPSProxy which was originally created by whenever. It was enhanced in terms of the TLS 1.3 protocol and its cipher suites by @cmalex who recently created it using Python 3.7.1. Again, a big thanks for that to @cmalex! ProxyMII provides all TLS protocols from TLS 1.0 up to TLS 1.3 and its corresponding cipher suites. It differs from @heinoganda's ProxHTTPSProxy in its file structure and does not provide a comparable program like ProxHTTPSProxy_PSwitch.exe to activate or deactivate the proxy settings automatically, when the proxy is started or closed. This has to be done manually by the user. If you want to use ProxyMII as it is without any additional comfort, then read the following instructions to get it running. 8.3. Specific information about the different ProxyMII releases: 8.3.1 ProxyMII (20220717): Hardware requirements: A CPU with SSE2 instruction set is not required anymore, SSE only is sufficient. ProxyMII (20220717) is now based on OpenSSL 3.0.5, dated from 2022-07-05, and Cryptography 3.4.8, dated from 2021-08-24. 8.3.2. ProxyMII (20230813): Hardware requirements: A CPU with SSE2 instruction set is now required., SSE only is not sufficient anymore. ProxyMII (20230813) is now based on OpenSSL 3.1.2, dated from 2023-08-01, and Cryptography 40.0.2, dated from 2023-04-14. Here are the changelogs: Changes from OpenSSL 3.0.5 to OpenSSL 3.1.2: Changes from Cryptography 3.4.8 to Cryptography 40.0.2: 8.4. How to set up and use the TLS 1.3 proxy ProxyMII: Unpack the archive and copy the folder ProxyMII to a location of your choice. Install the file CA.crt to Trusted Root Certification Authority under the account local computer manually. I use the certificate generated by ProxHTTPSProxy REV3e, provided in my release of ProxHTTPSProxy's PopMenu 3V1. Or use my contained ProxHTTPSProxy CA Certificate Installer and Uninstaller to do that automatically. If so, you have to overwrite the already existing CA.crt in ProxyMII's program folder by the one of my release. Enable the proxy settings of IE in the Internet Options -> LAN settings, i.e., check mark "Use a proxy server for your LAN", and click on Advanced. Go to the entry Secure and enter the Proxy address 127.0.0.1 and the port 8079. Update the file cacert.pem to have the most recent one by using my cacert Updater Fixed (Recreated). Start the proxy by executing the file ProxHTTPSProxy.exe. Ensure that your firewall doesn't block this proxy. Add it to your exclusions list or allow its connection. Do not forget to disable the proxy settings of IE when ProxyMII has been closed. The download links of ProxyMII and cacert Updater Fixed can be found respectively in the sections 11.2.2. Downloads related to the TLS 1.3 proxies and 11.2.3. Downloads related to cacert.pem Certificate Update. ProxyMII is the TLS 1.3 proxy on which my program package ProxHTTPSProxy's PopMenu TLS 1.3 is based from now on. 9. The TLS 1.3 proxy ProxHTTPSProxy's PopMenu TLS 1.3 9.1. Prerequisites: ProxHTTPSProxy's PopMenu TLS 1.3 is based on ProxyMII, which was created by Python 3.7.1, and requires Microsoft Visual C++ 2015 Redistributable or Microsoft Visual C++ 2015-2019 Redistributable (latest version 14.28.29213.0). Furthermore, Microsoft .NET Framework 4.0 is now additionally required to run the program package ProxHTTPSProxy's PopMenu TLS 1.3 under Windows XP. Check if both are installed in your system! A CPU with SSE2 instruction set is not required anymore, SSE only is sufficient. 9.2. General information about ProxHTTPSProxy's PopMenu TLS 1.3 The main feature of my program package ProxHTTPSProxy's PopMenu TLS 1.3 is @cmalex's ProxyMII, a TLS 1.3 proxy. I replaced @heinoganda's TLS 1.2 proxy from my last release of ProxHTTPSProxy's PopMenu REV3e 3V1 by @cmalex's TLS 1.3 proxy. This sounds simple, but, unfortunately, it wasn't. A lot of problems had to be solved to implement this proxy completely, enhance functionality, and get control of it as convenient as the old one. ProxHTTPSProxy's PopMenu TLS 1.3 is a one-click menu in systray to access and control the brand new TLS 1.3 proxy ProxyMII, better known as ProxHTTPSProxy, credits to @cmalex and its original creator whenever. @cmalex's ProxyMII, dated from 2022-07-17, is now based on OpenSSL 3.0.5 and Cryptography 3.4.8. It provides all TLS protocols from TLS 1.0 up to TLS 1.3 and its corresponding ciphers. 9.3. ProxHTTPSProxy's PopMenu TLS 1.3 3V3 ProxHTTPSProxy's PopMenu TLS 1.3 3V3 is the third release of ProxHTTPSProxy's PopMenu 3.0, now in version 3.0.0.0, shortened 3V3. It is a synthesis of the excellent, brand new TLS 1.3 proxy ProxyMII, dated from 2022-07-17, credits to @cmalex at MSFN, several self-programmed executables and a very few commands, credits to @AstroSkipper at MSFN, the freeware PopMenu 3.0, credits to Jochanan Agam at freeware.persoft.ch, the open source utility Min2Tray v1.7.9, credits to Junyx at junyx.breadfan.de, and the program Certificate Updater 1.6, credits to @heinoganda at MSFN. If you wonder when the second version was released, the answer is very simple: never. This version was unofficial. ProxHTTPSProxy's PopMenu is not a classical launcher, it is rather a systray pop-up menu. It can be totally customized and continuously extended according to the user's needs due to its modular structure, therefore, much more flexible than a classical, compiled launcher. More features can be added easily without touching the existent code. Due to ProxHTTPSProxy's PopMenu's modular structure, the user can change, add, delete and reorder features. Even the icons in the menu can be changed easily by the user. Here is a screenshot: 9.3.1 Features of ProxHTTPSProxy's PopMenu TLS 1.3 3V3: Here is the complete list of features implemented in ProxHTTPSProxy's PopMenu TLS 1.3 3V3 and a short explanation of them: Start ProxHTTPSPoxy – Activates the proxy's settings in IE LAN Settings, starts the proxy, and deactivates and cleans its settings after closing, all automatically. Stop ProxHTTPSPoxy – Stops the proxy and closes its status window. Minimize ProxHTTPSProxy to systray – Minimizes ProxHTTPSProxy's status window to systray and shows its icon there. Restore ProxHTTPSProxy from systray – Restores ProxHTTPSProxy's minimized status window from systray. Hide ProxHTTPSPoxy – Hides ProxHTTPSProxy's status window completely. Show ProxHTTPSPoxy – Shows ProxHTTPSProxy's hidden status window again. Check if ProxHTTPSPoxy is running (in RAM) – Checks if ProxHTTPSPoxy is running in the background. cacert.pem Update – Performs an update of the file cacert.pem. Root Certificates Update – Performs an update of the system's Root Certificates. Open IE Proxy settings – Opens the tab LAN Settings in IE's Internet Options. Close IE Proxy settings – Closes the tab LAN Settings and IE's Internet Options completely. Check system proxy status – Checks whether the proxy is used system-wide or the system has direct access. Enable ProxHTTPSProxy system-wide – Permits the whole system to use this proxy. In this mode, services can route their traffic through the proxy, too. Disable ProxHTTPSProxy system-wide – The proxy can be used only locally if it is running, generally all have direct access to their servers or the internet. Edit config.ini – Opens the file config.ini with the editor Notepad to check or modify the proxy's configuration. Read documentation – Opens the documentation with the editor Notepad to get quickly information. In the screenshot above, you can see a red arrow which points to the icon of ProxHTTPSPoxy, minimized to systray. It's a new feature, and the green marked items have been added to the pop-up menu since last release. ProxHTTPSPoxy's PopMenu is provided together with ProxyMII from 2022-07-17, created by @cmalex and branded by me as ProxHTTPSProxy 1.5.220717. This new archive called ProxHTTPSProxy TLS 1.3 1.5.220717 PopMenu 3V3 has been additionally updated by me. These are the changes to the previous version of ProxHTTPSPoxy's PopMenu: 9.3.2 Changelog of ProxHTTPSProxy's PopMenu TLS 1.3 3V3: @heinoganda's ProxHTTPSProxy REV3e replaced by @cmalex's ProxHTTPSProxy 1.5.220717 with a brand new TLS 1.3 support. New starter program StartProxy.exe created to activate the proxy settings, start the proxy, and deactivate its settings after closing, all automatically. cacert.pem updated to the most recent one. Alternative cacert.pem from Mozilla, updated to the most recent version dated 2022-07-19. The open source utility Min2Tray has been fully implemented by the new configuration tools Configure PopMenu.exe and Setup Min2Tray.exe, all automatically. After the setup procedure, the programs PopMenu and Min2Tray are started automatically. All self-created files are not UPX-compressed. Therefore, the version is a noUPX only. Two new items added to the pop-up menu: Minimize ProxHTTPSProxy to systray and Restore ProxHTTPSProxy from systray. All unnecessarily embedded files have been removed from my self-created executables. Changes in calling up other programs. In all my affected programs, protection against code injection has been improved. This leads to preventing of future "space bugs", too! Different issues, which could have been noticed only in very rare cases, have been fixed. All unnecessary code has been removed. New bugs I additionally found have been fixed. Autostart entries of PopMenu and the new Min2Tray, automatically added to the registry by my configuration program, have been fixed in regard to the "space bug". All message windows of my programs have been resized and adjusted for a better visibility. All my self-created program files have been recompiled by using a different compiler. @cmalex's original ProxyMII wasn't modified by me, except a replacement of ProxHTTPSProxy.EXE's program icon, back to the old one and an update of the file config.ini to get access to the Microsoft Updates (MU) website with this proxy. 9.3.2 Installation and start of ProxHTTPSProxy's PopMenu TLS 1.3 3V3: Check if Microsoft Visual C++ 2015 Redistributable or Microsoft Visual C++ 2015-2019 Redistributable (latest version 14.28.29213.0) is installed in your system. Check if Microsoft .NET Framework 4.0 is installed in your system. Unpack the archive and copy either the complete folder ProxHTTPSProxy_TLS_1_3_1_5_220717_PopMenu_3V3 or its complete content to your desired location. Install the file CA.crt, located in the main program folder, to Trusted Root Certification Authority under the account local computer, or use the program ProxHTTPSProxy Cert Installer, provided in the archive. Go to the subfolder PopMenu and execute the program Configure PopMenu.exe. PopMenu and Min2Tray will be started automatically. A more detailed documentation, titled Documentation of ProxHTTPSProxy's PopMenu 3V3, can be found in the subfolder Docs of my program package and should be read before using ProxHTTPSProxy's PopMenu in any case. All features and more are described there. The programs PopMenu and Min2Tray have a very low usage of RAM. It's only about 2 MB and 4 MB respectively. The download link of ProxHTTPSProxy's PopMenu TLS 1.3 3V3 can be found in the section 11.2.2. Downloads related to the TLS 1.3 proxies. 10. Versions: 10.1. Versions of the TLS 1.2 proxies ProxHTTPSProxy, HTTPSProxy, and ProxHTTPSProxy's PopMenu: Last known version of ProxHTTPSProxyMII, created by @whenever and released in June of 2018: ProxHTTPSProxyMII 1.5 (20180616) ProxHTTPSProxyMII 1.3a (20150527) was released in May of 2015. Here are two links: https://prxbx.com/forums/showthread.php?tid=2172&pid=17686#pid17686 and https://prxbx.com/forums/showthread.php?tid=2172&pid=18454#pid18454 Due to support of SHA1 for signing certificates ProxHTTPSProxyMII 1.3a can be used in a Windows XP Professional x64 system to access MU successfully. More recent versions use SHA256 to sign certificates and fail while accessing MU. But that also means ProxHTTPSProxyMII 1.3a is not secure and should only be used if there is no other option. Here is a link to the post with necessary instructions and a screenshot of successful access to MU using ProxHTTPSProxyMII 1.3a in Windows XP Professional x64, credits to @maile3241: https://msfn.org/board/topic/178377-on-decommissioning-of-update-servers-for-2000-xp-and-vista-as-of-july-2019/?do=findComment&comment=1214098 Last known version of ProxHTTPSProxy released in November of 2019: ProxHTTPSProxy REV3e. Here is a link: https://msfn.org/board/topic/176344-problems-accessing-certain-sites-https-aka-tls/?do=findComment&comment=1173585 Last known version of HTTPSProxy released in November of 2018: HTTPSProxy_Launcher_v2_2018-11-06 Here are two links: https://msfn.org/board/topic/176344-problems-accessing-certain-sites-https-aka-tls/?do=findComment&comment=1155858 and https://msfn.org/board/topic/176344-problems-accessing-certain-sites-https-aka-tls/?do=findComment&comment=1156032 Last version of ProxHTTPSProxy's PopMenu released in May of 2022: ProxHTTPSProxy's PopMenu 3V1 (20220510) Here is the link to my post of this initial release: https://msfn.org/board/topic/183352-proxhttpsproxy-and-httpsproxy-in-windows-xp-for-future-use/?do=findComment&comment=1218622 10.2. Versions of the TLS 1.3 proxies ProxyMII and ProxHTTPSProxy's PopMenu TLS 1.3: ProxyMII released in July of 2022: ProxyMII (20220717). It was rebranded by me to ProxHTTPSProxy 1.5.220717. Here is the link to @cmalex's original post: https://msfn.org/board/topic/183684-looking-for-a-person-with-python-programming-skills-to-implement-tls-13-functionality-in-proxhttpsproxy-rev3e/?do=findComment&comment=1222235 Latest version of ProxyMII released in August of 2023: ProxyMII (20230813). Here is the link to @cmalex's original post: https://msfn.org/board/topic/183352-proxhttpsproxy-and-httpsproxy-in-windows-xp-for-future-use/?do=findComment&comment=1250552 Latest version of ProxHTTPSProxy's PopMenu TLS 1.3 3V3 released in August of 2022: ProxHTTPSProxy's PopMenu TLS 1.3 3V3 (20220817). Here is the link to the post of its official release: https://msfn.org/board/topic/183352-proxhttpsproxy-and-httpsproxy-in-windows-xp-for-future-use/?do=findComment&comment=1224184 11. Downloads: 11.1. Archived Downloads {obsolete}: ProxHTTPSProxyMII 1.3a can be downloaded here: http://www.proxfilter.net/proxhttpsproxy/ProxHTTPSProxyMII 1.3a.zip. Credits to @whenever. ProxHTTPSProxyMII 1.5 can be downloaded here: http://jjoe.proxfilter.net/ProxHTTPSProxyMII/files/ProxHTTPSProxyMII 1.5 advanced 34cx_freeze5.0.1urllib3v1.22Win32OpenSSL_Light-1_0_2o-1_1_0h.zip. Credits to @whenever. ProxHTTPSProxy REV3d can be downloaded here: https://www.mediafire.com/file/r23ct8jd2ypfjx5/ProxHTTPSProxyMII_REV3d_PY344.7z/file. Credits to @heinoganda. Root Certificate and Revoked Certificate Updater of 02/24/2022 created by @AstroSkipper: https://www.mediafire.com/file/n4ea8nbijox88o3/Roots_Certificate_Updater_24.02.22.7z/file Root Certificate and Revoked Certificate Updater (AIO version!) of 02/24/2022 created by @AstroSkipper: https://www.mediafire.com/file/8ler7d9z8aesz08/rootsupd.exe/file Root Certificate and Revoked Certificate Updater of 04/28/2022 created by @AstroSkipper: https://www.mediafire.com/file/7e6jw2mdp6bi3u0/Roots_Certificate_Updater_28.04.22.7z/file Root Certificate and Revoked Certificate Updater (AIO version!) of 04/28/2022 created by @AstroSkipper: https://www.mediafire.com/file/m6n7481wdq546ad/rootsupd.EXE/file Root Certificate and Revoked Certificate Updater of 05/24/2022 created by @AstroSkipper: https://www.mediafire.com/file/aob1fkpf6f3vyhd/Roots_Certificate_Updater_24.05.22.7z/file Root Certificate and Revoked Certificate Updater (AIO version!) of 05/24/2022 created by @AstroSkipper: https://www.mediafire.com/file/vkopcjfymnei5cn/rootsupd.exe/file Root Certificate and Revoked Certificate Updater of 06/28/2022 created by @AstroSkipper: https://www.mediafire.com/file/2eowvtl8r56q8tx/Roots_Certificate_Updater_28.06.22.7z/file Root Certificate and Revoked Certificate Updater (AIO version!) of 06/28/2022 created by @AstroSkipper: https://www.mediafire.com/file/h1460guuxqklkk5/rootsupd.exe/file Root Certificate and Revoked Certificate Updater of 08/23/2022 created by @AstroSkipper: https://www.mediafire.com/file/nxt11m8m39fnc1k/Roots_Certificate_Updater_23.08.22.7z/file Root Certificate and Revoked Certificate Updater (AIO version!) of 08/23/2022 created by @AstroSkipper: https://www.mediafire.com/file/0o2h3y16ekmtv2o/rootsupd.EXE/file Root Certificate and Revoked Certificate Updater of 09/27/2022 created by @AstroSkipper: https://www.mediafire.com/file/d4mtrexun8ao81l/Roots_Certificate_Updater_27.09.22.7z/file Root Certificate and Revoked Certificate Updater (AIO version!) of 09/27/2022 created by @AstroSkipper: https://www.mediafire.com/file/44suzv2x2fbrret/rootsupd.EXE/file Root Certificate and Revoked Certificate Updater of 10/25/2022 created by @AstroSkipper: https://www.mediafire.com/file/naxyauof6fs0p88/Roots_Certificate_Updater_25.10.22.7z/file Root Certificate and Revoked Certificate Updater (AIO version!) of 10/25/2022 created by @AstroSkipper: https://www.mediafire.com/file/nmzw6l4lzmxn8wx/rootsupd.EXE/file Root Certificate and Revoked Certificate Updater of 11/29/2022 created by @AstroSkipper: https://www.mediafire.com/file/cnlbxdffjq9beva/Roots_Certificate_Updater_29.11.22.7z/file Root Certificate and Revoked Certificate Updater (AIO version!) of 11/29/2022 created by @AstroSkipper: https://www.mediafire.com/file/pctxthjlcb6croc/rootsupd.EXE/file Root Certificate and Revoked Certificate Updater of 02/28/2023 created by @AstroSkipper: https://www.mediafire.com/file/6chiibdsdoh4i22/Roots_Certificate_Updater_28.02.23.7z/file Root Certificate and Revoked Certificate Updater (AIO version!) of 02/28/2023 created by @AstroSkipper: https://www.mediafire.com/file/rmjyq3pak60jayz/rootsupd.EXE/file Root Certificate and Revoked Certificate Updater of 04/25/2023 created by @AstroSkipper: https://www.mediafire.com/file/xgmi98u15ikerrn/Roots_Certificate_Updater_25.04.23.7z/file Root Certificate and Revoked Certificate Updater (AIO version!) of 04/25/2023 created by @AstroSkipper: https://www.mediafire.com/file/dxtxkgqdk6xlfb9/rootsupd.EXE/file Root Certificate and Revoked Certificate Updater of 08/22/2023 created by @AstroSkipper: https://www.mediafire.com/file/53fv86ouqgonm7f/Roots_Certificate_Updater_22.08.23.7z/file Root Certificate and Revoked Certificate Updater (AIO version!) of 08/22/2023 created by @AstroSkipper: https://www.mediafire.com/file/9xhsy3i2bphtf0i/rootsupd.EXE/file Root Certificate and Revoked Certificate Updater of 11/28/2023 created by @AstroSkipper: https://www.mediafire.com/file/361ux1ogvmokuhf/Roots_Certificate_Updater_28.11.23.7z/file Root Certificate and Revoked Certificate Updater (AIO version!) of 11/28/2023 created by @AstroSkipper: https://www.mediafire.com/file/6o1rfz4oqnh0din/rootsupd.EXE/file Root Certificate and Revoked Certificate Updater of 02/27/2024 created by @AstroSkipper: https://www.mediafire.com/file/7awvvb37in89op1/Roots_Certificate_Updater_27.02.24.7z/file Root Certificate and Revoked Certificate Updater (AIO version!) of 02/27/2024 created by @AstroSkipper: https://www.mediafire.com/file/55c7c574pyem2vg/rootsupd.EXE/file Root Certificate and Revoked Certificate Updater of 03/26/2024 created by @AstroSkipper: https://www.mediafire.com/file/a1oil6g5cane3bu/Roots_Certificate_Updater_26.03.24.7z/file Root Certificate and Revoked Certificate Updater (AIO version!) of 03/26/2024 created by @AstroSkipper: https://www.mediafire.com/file/6hcuv2r715l8nnm/rootsupd.EXE/file 11.2. Latest Downloads: 11.2.1. Downloads related to the TLS 1.2 proxies: 11.2.1.1. Downloads related to ProxHTTPSProxy: ProxHTTPSProxy REV3e can be downloaded here: https://www.mediafire.com/file/me5l9dydomgwa0h/2005536469_ProxHTTPSProxyMIIv1.5Rev3ePython3.44OriginalFiles.7z/file. Credits to @heinoganda. ProxHTTPSProxy's PopMenu 3V1 can be downloaded here: https://www.mediafire.com/file/djg5n0n9osqco7m/ProxHTTPSProxy_REV3e_PopMenu_3V1_CheckedByAstroSkipper.7z/file. Password: CheckedByAstroSkipper. Credits to @AstroSkipper. ProxHTTPSProxy CA Certificate Installer and Uninstaller with a freshly pre-generated root certificate valid until 02/19/2032 modified and built by @AstroSkipper: https://www.mediafire.com/file/9tnonnlymrp98f8/ProxHTTPSProxy_Cert_Installer_%2B_Uninstaller_%2B_CA_valid_until_02-19-2032.7z/file ProxHTTPSProxy's config file to access MU website successfully, modified by @AstroSkipper: https://www.mediafire.com/file/vr1klatuzjh6v5c/ProxHTTPSProxy_-_config.ini/file 11.2.1.2. Downloads related to HTTPSProxy: HTTPSProxy in the version of HTTPSProxy_Launcher_v2_2018-11-06 can be downloaded here: https://www.mediafire.com/file/ku859ikt2t79cgl/HTTPSProxy_Launcher_v2_2018-11-06.7z/file. Credits to @Thomas S.. HTTPSProxy CA Certificate Installer and Uninstaller with a freshly pre-generated root certificate valid until 02/19/2032 created by @AstroSkipper: https://www.mediafire.com/file/sx1i6w2c6f1hvwm/HTTPSProxy_Cert_Installer_%2B_Uninstaller_%2B_CA_valid_until_02-19-2032.7z/file HTTPSProxy's config file to access MU website successfully, modified by @AstroSkipper: https://www.mediafire.com/file/6emtdvx2vmw4iz8/HTTPSProxy_-_config.ini/file 11.2.2. Downloads related to the TLS 1.3 proxies: ProxyMII (20220717) = ProxHTTPSProxy 1.5.220717 can be downloaded here: https://www.mediafire.com/file/zbkz37dh0wjgnml/ProxyMII_220717_CheckedByAstroSkipper.7z/file. Password: CheckedByAstroSkipper. Credits to @cmalex. ProxyMII (20230813) can be downloaded here: https://www.mediafire.com/file/8oir8zsg0ffjs6u/ProxyMII_230813_CheckedByAstroSkipper.7z/file. Password: CheckedByAstroSkipper. Credits to @cmalex. ProxHTTPSProxy's PopMenu TLS 1.3 3V3 can be downloaded here: https://www.mediafire.com/file/4sqkixfd2waaypt/ProxHTTPSProxy_TLS_1_3_1_5_220717_PopMenu_3V3_CheckedByAstroSkipper.7z/file. Password: CheckedByAstroSkipper. Credits to @AstroSkipper. ProxHTTPSProxy CA Certificate Installer and Uninstaller with a freshly pre-generated root certificate valid until 02/19/2032 modified and built by @AstroSkipper: https://www.mediafire.com/file/9tnonnlymrp98f8/ProxHTTPSProxy_Cert_Installer_%2B_Uninstaller_%2B_CA_valid_until_02-19-2032.7z/file ProxHTTPSProxy's config file to access MU website successfully, modified by @AstroSkipper: https://www.mediafire.com/file/vr1klatuzjh6v5c/ProxHTTPSProxy_-_config.ini/file 11.2.3. Downloads related to cacert.pem Certificate Update: cacert Updater Fixed, fixed and recreated by @AstroSkipper: https://www.mediafire.com/file/y98gtqf8ewr6zz4/cacert_Updater_Fixed_Recreated.7z/file. Credits to @heinoganda. 11.2.4. Downloads related to Root Certificate Updates: Root Certificate and Revoked Certificate Updater of 05/28/2024 created by @AstroSkipper: https://www.mediafire.com/file/qo3w3h9n2zumb2o/Roots_Certificate_Updater_28.05.24.7z/file Root Certificate and Revoked Certificate Updater (AIO version!) of 05/28/2024 created by @AstroSkipper: https://www.mediafire.com/file/v3bokp223uen5ta/rootsupd.EXE/file Certificate Updater 1.6: https://www.mediafire.com/file/nmoqrx8vwc8jr6l/jveWB2Qg1Lt9yT5m3CYpZ8b8N4rH.rar/file. Credits to @heinoganda. Archive password: S4QH5TIefi7m9n1XLyTIZ3V5hSv4se1XB6jJZpH5TfB6vkJ8hfRxU7DWB2p CAupdater 1.0.0.1: https://www.mediafire.com/file/z34fifg2a09fzxo/CAupdater.7z/file. Credits to @Thomas S.. The installers created by myself or built by me will be updated from time to time if necessary. All files in my offered archives are definitely virus-free and clean, although some AV scanners produce false positives. I recommend adding the complete folder to the exclusion list of your security program(s), only if you trust me, of course. Apart from that, you can also check positive reported files on VirusTotal, though. 12. Update notifications: 02/26/2022: Both versions of Root Certificate and Revoked Certificate Updater have been updated and are now of 02/24/2022. 03/16/2022: The functionality of @heinoganda's cacert Updater has been restored. cacert Updater Fixed can be downloaded in the section 11.2.3. Downloads related to cacert.pem Certificate Update. 04/23/2022: cacert Updater Fixed has been completely recreated due to false alarms of some virus scanners and can be downloaded in the section 11.2.3. Downloads related to cacert.pem Certificate Update. 05/10/2022: ProxHTTPSProxy's PopMenu 3V1 has been released. Here is the link to my post of the initial release with the download link: https://msfn.org/board/topic/183352-proxhttpsproxy-and-httpsproxy-in-windows-xp-for-future-use/?do=findComment&comment=1218622 05/16/2022: Both versions of Root Certificate and Revoked Certificate Updater have been updated and are now of 04/28/2022. 06/05/2022: Both versions of Root Certificate and Revoked Certificate Updater have been updated and are now of 05/24/2022. 06/30/2022: Both versions of Root Certificate and Revoked Certificate Updater have been updated and are now of 06/28/2022. 07/17/2022: ProxyMII has been released. Here is the link to the post of its official release: https://msfn.org/board/topic/183684-looking-for-a-person-with-python-programming-skills-to-implement-tls-13-functionality-in-proxhttpsproxy-rev3e/?do=findComment&comment=1222235. 08/17/2022: ProxHTTPSProxy's PopMenu TLS 1.3 3V3 has been released. Here is the link to the post of its official release: https://msfn.org/board/topic/183352-proxhttpsproxy-and-httpsproxy-in-windows-xp-for-future-use/?do=findComment&comment=1224184 09/05/2022: Both versions of Root Certificate and Revoked Certificate Updater have been updated and are now of 08/23/2022. 10/06/2022: Both versions of Root Certificate and Revoked Certificate Updater have been updated and are now of 09/27/2022. 11/06/2022: Both versions of Root Certificate and Revoked Certificate Updater have been updated and are now of 10/25/2022. 12/09/2022: Both versions of Root Certificate and Revoked Certificate Updater have been updated and are now of 11/29/2022. 03/04/2023: Both versions of Root Certificate and Revoked Certificate Updater have been updated and are now of 02/28/2023. 05/09/2023: Both versions of Root Certificate and Revoked Certificate Updater have been updated and are now of 04/25/2023. 08/13/2023: ProxyMII has been updated. Here is the link to the post of its official release: https://msfn.org/board/topic/183352-proxhttpsproxy-and-httpsproxy-in-windows-xp-for-future-use/?do=findComment&comment=1250552. 09/01/2023: Both versions of Root Certificate and Revoked Certificate Updater have been updated and are now of 08/22/2023. 12/11/2023: Both versions of Root Certificate and Revoked Certificate Updater have been updated and are now of 11/28/2023. 04/05/2024: Both versions of Root Certificate and Revoked Certificate Updater have been updated and are now of 02/27/2024. 04/05/2024: Both versions of Root Certificate and Revoked Certificate Updater have been updated and are now of 03/26/2024. 08/20/2024: Both versions of Root Certificate and Revoked Certificate Updater have been updated and are now of 05/28/2024. 14/01/2025: Four download links renewed due to false positives by MediaFire. These four files are now password-protected to stop MediaFire from spreading even more nonsense. 13. Conclusion: At the beginning of this post, I said we had to ask ourselves whether these proxies would continue doing their job in the future or not. After all these observations and explanations, the answer to this question is quite clear: Yes, of course. And especially since we have our new TLS 1.3 proxies. But we have to avoid misconfiguration of these proxies, and in addition, we know they won't work properly without updating and carrying out maintenance. Doing all these things leads to a general, positive side effect for those loving their Windows XP. If all is done correctly, we are now able to use a freshly generated 10 years valid root certificate of ProxHTTPSProxy or HTTPSProxy at any time as long as Windows XP, Internet Explorer access to WWW, TLS 1.2 or TLS 1.3 functionality, Microsoft Update for Windows XP, or the user himself still exist. 14. Disclaimer: All information that I spread here corresponds to my level of knowledge. Most of it has been carefully researched by me. I tested all programs of the section 11. Downloads extensively, and they worked properly in my system. Nevertheless, I do not assume any guarantee either for the correctness and completeness or for the implementation of my tips. The same applies to the application of my tools in the section 11. Downloads. Therefore, all at your own risk! You can use the commenting zone below to tell us about your experiences, problems and questions or to provide further tips and recommendations. Any discussions about these proxies are explicitly welcome. If this article has not been able to resolve any issues related to these proxies, and you need further assistance with configuring or running them, I will try to help you as much as I can. But one thing must be clear, everything should relate to the topic of this thread. That means please stay on-topic! If you enjoyed this article or maybe, you found it interesting and helpful, I would be pleased about any reaction by liking, upvoting, and of course, commenting. Kind regards, AstroSkipper

Hi @cc333, I have never noticed that you've read and liked my guide. But thanks for reading and apparently liking! Usually there is a little button called "Like" to let me know that. Anyway, I think we are talking about my "Complete guide for restoring Microsoft Update in IE". I already wrote it in 21th of January. Due to new facts, modifications and reorder of some steps I've updated it in the last two days and for now it's finished. The linking to other posts is very important to get additional and necessary information. But could you be more specific relating to your request "if you have any input"? What kind of input do you need? And where shall these html sites be mirrored to? You see, a lot of questions we have to talk about. And forget about any old versions of my guide. The only interesting version is the current one. So long! Kind regards, AstroSkipper

@Dave-H A proper user agent is very important to let a web site working correctly providing all services for a visitor. Your user agent is bit strange and especially your entry "BTRS111060". My IE 8 user agent is "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; "Trident/4.0; .NET4.0C; .NET4.0E; .NET CLR 3.0.4506.2152; .NET CLR 2.0.50727; .NET CLR 3.5.30729). You can see an absolutely clean UA string. Now there are two ways to change the UA string in Internet Explorer 8: editing registry entries or using an addon called UAPick. Here is the link: https://www.enhanceie.com/ietoys/uapick.asp and download link: https://www.enhanceie.com/dl/UAPickSetup.exe Here more information about IE UA strings and related registry keys: https://docs.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/ms537503(v=vs.85)?redirectedfrom=MSDN, https://www.heelpbook.net/2014/useragents-on-internet-explorer-registry-workaround/ and this one https://admx.help/?Category=Windows_8.1_2012R2&Policy=Microsoft.Policies.InternetExplorer::Customized_UserAgent_String. By the way browser modes have been provided since IE8 to help developers fix issues quickly by telling a site to render like a previous version of the application. You can find it in developer tools -> browser modes. In my opinion using UAPick is much easier and safe. I had installed it years ago and you can deactivate it or uninstall whenever you want. Install it, backup your current UA string and then override it using my IE 8 user agent. Then try to access MU again. Hope will never die!

@Dave-H I totally agree to @maile3241. You have to uninstall Chrome Frame for testing purpose. I do not have Chrome Frame installed in my system. And restore your original user agent (maybe Chrome Frame is the causer). Maybe it is another version of IE or screenshot taken from Win 2000. So it doesn't matter. In Internet Explorer 8 it is labeled "Internet Options".