Jump to content
MSFN is made available via donations, subscriptions and advertising revenue. The use of ad-blocking software hurts the site. Please disable ad-blocking software or set an exception for MSFN. ×


  • Posts

  • Joined

  • Last visited

  • Donations


About alstring

Profile Information

  • OS

Recent Profile Visitors

The recent visitors block is disabled and is not being shown to other users.

alstring's Achievements



  1. Slightly OT, but relevant if you want to add the cryptographic protocol TLS 1.2 for any XP reason such as mentioned above: > On 9/3/2018 at 3:56 PM, cc333 said: > .. all forms of TLS less than 1.2 were taken offline June 30, ... unless ... MS decides to release a patch that fixes the problem (... POSReady 2009 might get one) > On 9/5/2018 at 11:01 AM, Mathwiz said: > They did; actually there are two: ... I found the TLS 1.2 procedure posted in 2 parts on MSFN, plus a related TLS 1.0 security update reply post by Mathwiz. It wasn't non-techie friendly, and was a tediously long study for (non-expert) techie power users. I compiled the source posts and wrote a step-by-step procedure "INSTRUCTIONS TO ADD TLS1.2 TO WINDOWS XP OS & IE8". It combines adding KB4019276 for POSReady 2009, KB4316682 for IE8, and the TLS 1.0 security update for XP registry: Update Windows XP & IE8 to TLS1.2 (Connected Last Skype 7) https://msfn.org/board/topic/178087-update-windows-xp-ie8-to-tls12-connected-last-skype-7/
  2. > On June 19, 2018 Cyber Axe said: > I have created a Batch script that will download and update the Root Certificates... Not urgent (yet), but I'm still hoping to download this elegant fix. This seems to be a potentially serious need. Certificates not updated causes me to have a lot of website connection failures per old browser on Android and Java phone devices, as well as Win98. I haven't figured out how to fix them.
  3. Reportedly on or about April 12th, my Skype stopped being able to log in, but I didn't notice. I was using Hibernate state (S4) suspend-to-disk, so my Skype login session lasted for about two more weeks. Trying to reuse the Skype login in my hiberfil.sys, that file self-deleted by an attempt to copy it, probably due to XP security. For further investigation, I made folder copies of: 1) C:\[D&S]\Settings\HP_Administrator\Application Data\Skype 2) C:\Program Files\Skype ,renamed the original Application Data folder to: "Skype (archived original 7.36 data after login refused on 2019_04_26)" ,renamed the copies to "Skype" (as previously). The most important reason for doing this was to preserve the year+ chat log for SkypeLogView, etc. But also to be able to recover from experimentation errors. In fact, after trying alternate reinstalls, my next attempt to execute the 7.36 program was met by an info box reading: ----- Warning A problem was found with the version of Skype installed on this device. [blah, download latest, blah] Expected: 9d2996d08c13f0133168878e74cc3930 Found: - ----- 32 hex digits appears to be an MD5 checksum, to exit Skype if the installed program has been altered by malware (or bitter-end Skype 7 users?).
  4. > On 1/6/2018 at 6:36 PM, roytam1 said: > Skype seems dropping out v7 support. I hex-edited Russian's unpacked skype.exe 6.16 and changed version to 8.34 and it is able to login again. I've read similar reports from early 2018. Apparently Skype managers are determined to kill Skype 7, and collaterally, all use of Windows XP for Skype. Technically, they may urgently plan to decommission the current (more costly?) telephony server architecture. Chat and photo files are cheap, so Skype 7 chat, photo, and better interface controls may be a collateral victim of rushed cost-cutting to telephony server upgrades. Probably they are now using Azure distribution centers that function like telephone central offices ("there is no cloud"). Why? Speculatively, the business news of Microsoft having mere single digit growth with consequent technical staff layoffs, suggests they no longer have enough software engineers to support legacy product functions that would avoid another public relations disaster first seen with Windows 10.
  5. Original January 4, 2019 post title was "Update IE8 to TLS1.2 for (nearly) Last Skype on Windows XP". Update title changed May 1, 2019. Readers wanting Skype-specific info should page or find down to the ORIGINAL INTRODUCTION. UPDATE INTRODUCTION: This compiled procedure, Instructions To Add TLS1.2 To Windows XP OS & IE8, turns out to be useful for non-Skype purposes, and may now be obsolete for the intended purpose of running Windows XP Skype (see posts below). For convenience of other readers, I've reorganized the original post so that the procedure steps now start near the top. I've also edited OS registry variations in steps 9A and 9B, made a change in step 11, and added a 12th procedure step, each helpfully noted by posters below. ----------------------------------------------------------------- INSTRUCTIONS TO ADD TLS1.2 TO WINDOWS XP OS & IE8 (Compiled from MSFN source posts credited) ----------------------------------------------------------------- 1) If not already updated, download and install Microsoft's updated Windows Installer 4.5 (KB942288-v3) from https://download.microsoft.com/download/2/6/1/261fca42-22c0-4f91-9451-0e0f2e08356d/WindowsXP-KB942288-v3-x86.exe 2) Set a System Restore point marked, say, "Spoof POSReady ID registry edit" 3) Put the following POSReady spoof text (omit the hyphen lines) in POSReady.txt, rename to POSReady.reg, right-click Merge, Yes. ---------- Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SYSTEM\WPA\PosReady] "Installed"=dword:00000001 [<-- BLANK LINE] [<-- BLANK LINE] ---------- 4) Navigate to: https://www.catalog.update.microsoft.com/search.aspx?q=kb4019276 5) Find down to POSReady, Windows XP Embedded versions of KB4019276 Click Download button for that version. Click English in the opening language window (or other language). 6) Navigate to: https://www.catalog.update.microsoft.com/search.aspx?q=KB4230450 7) Find down to POSReady, Windows XP Embedded versions of KB4230450: Click Download button for that version. Click English in the opening language window (or other language). 8) For each KB file: click, accept install, reboot. (Both create restore points just in case.) 9) Edit the following Windows XP registry entries in 9A and 9B to read as shown. If you aren't sure how, look up Regedit 5 editor instructions. For convenient automatic registry edit-merge, these lines may be pasted into Notepad text files, renamed .reg ,then just click the file after closing it (expect no response). (But to be careful, I edited them manually with Regedit 5.) 9A) After navigating the chain of registry keys, click the key TLS1.1, in the right panel, right-click "OSVersion", click Modify, enter the Value data already shown (not sure why), click OK. (I had to change "" to "" shown in obvious German in the source.) (EDIT: Other posters report below that if this key is absent, this step may be safely skipped.) ---------- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\CRYPTO\TLS1.1] "OSVersion"="" ---------- 9B) Next click the key TLS1.2, in the right panel, right-click "OSVersion", click Modify, enter the Value data shown above, click OK. (Likewise I had to change "" to "") (EDIT: Likewise, if missing, skip this step.) ---------- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\CRYPTO\TLS1.2] "OSVersion"="" ---------- 10) Click Start, hover Control Panel, click Internet Options, Advanced tab, pull the thumb bar all the way down. You should see new checkbox options for "Use TLS 1.1", "Use TLS 1.2". (KB4230450 will install these checkboxes, but they won't work without KB4019276.) 11) Check "Use TLS 1.2". Leave unchecked "Use TLS 1.1" (already obsoleted by TLS 1.2; and, TLS 1.3 was approved in 2018). (EDIT:) Leave checked "Use TLS 1.0". Click OK. The TLS 1.0's AES component is not insecure. TLS 1.0 may best remain checked for legacy websites needing AES or 3DES. (See explainers in posts below.) 12) (EDIT:) The following registry edits disable TLS 1.0's insecure cipher suites: DES, RC2, RC4, plus the insecure MD5 cipher hash. 3DES may be disabled optionally, but legacy websites without AES may need 3DES (Triple DES). TLS 1.0's secure cipher suite AES remains enabled, unchanged (no edit shown). Edit the following registry entries to read as shown: ---------- [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\DES 56/56] "Enabled"=dword:00000000 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC2 128/128] "Enabled"=dword:00000000 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC2 40/128] "Enabled"=dword:00000000 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC2 56/128] "Enabled"=dword:00000000 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC4 128/128] "Enabled"=dword:00000000 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC4 40/128] "Enabled"=dword:00000000 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC4 56/128] "Enabled"=dword:00000000 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Hashes\MD5] "Enabled"=dword:00000000 ---------- You may need Triple DES (3DES) at websites which don't (yet) support AES. Here is the optional edit (not yet recommended) to disable 3DES (0's mean Not "Enabled", equals Disabled): ---------- [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\Triple DES 168/168] "Enabled"=dword:00000000 ---------- The above registry edits (manual for transparency) are included in a larger set of one-click automatic edits in a download .reg file posted below. Pardon any source text compiling errors. If you have problems, try reading the sources (long). Source posts credited: ● https://msfn.org/board/topic/171814-posready-2009-updates-ported-to-windows-xp-sp3-enu/ POSReady 2009 updates ported to Windows XP SP3 ENU By glnz, March 19, 2013 in Windows XP ● https://msfn.org/board/topic/177500-upgrading-ie8-to-tls-12/ Upgrading IE8 to TLS 1.2 By Thomas S., June 9, 2018 in Windows XP ● https://msfn.org/board/topic/178087-update-ie8-to-tls12-for-nearly-last-skype-7360150-on-windows-xp/ Update IE8 to TLS1.2 for (nearly) Last Skype on Windows XP By Mathwiz, January 4, 2019 in Windows XP ---------- ORIGINAL INTRODUCTION: I'm posting a step-by-step fix to add TLS1.2 to IE8, so that Skype (for a few months did) run on Windows XP-SP3. (While 7.41.x.x may be actual "last" for WinXP, it may or not nag you to "update", requiring a separate fix or version downgrade. My version 7.36 didn't get the nag, and 7.40 was also reported to lack the nag when it mattered before April 12.) I've compiled pieces of the fix puzzle I found elsewhere on MSFN, because the complete fix isn't obvious to WinXP Skypers searching from elsewhere on the web. The fix isn't that difficult, but the usual warnings that novices should back up the registry before editing it, do apply. The download KB file installs, and each set their own restore points. I hope just setting a Restore point before starting the edit will be adequate. I haven't used my desktop PC WinXP-SP3 Skype (mostly chat) for months while the power supply was down. Yesterday I fixed it. To my surprise, Skype errored with "Sorry, we couldn't connect to Skype. Please check your Internet connection and try again." But the internet was ok. Many Skypers aren't techies, and most of the posted complaints about "Sorry, we couldn't connect to Skype", don't have a fix other than get a new OS like Win7, or use web Skype. For good reasons, we don't want to give up WinXP, at least as a backup to Win7 (or even Win8.1 for my keytablet). I've thoroughly tested Win10, but I'm not interested in that control-freak bugfest. One elsewhere-posted answer with no fix, helpfully explained that Skype had switched to using the more secure https encryption protocol TLS1.2. Skype for WinXP uses the SSL/TLS protocols built into Internet Explorer 8, which is the last Internet Explorer version for WinXP. IE8 normally has a maximum version of TLS1.0. Skype servers apparently turned off insecure TLS 1.0 sometime after I had to quit using this Skype last year (2018). So the fix is to add TLS1.2 to IE8, and it did work for me. At MSFN I found the bitter-end holdouts on WinXP, same website where I found the Win98 bitter-enders. (Btw, one poster at MSFN said the famous Windows OS bitter-ender AXCEL216 aka MDGx aka George, is still alive!). One or more MSFN gurus noticed that Microsoft is still updating Windows XP embedded OS for computerized cash registers (etc.), a WinXP variant known as "POSReady" (POS= Point Of Sale). They figured out how to spoof WinXP-SP3's identity, so that it will pose as, and accept POSReady updates, including those which to add TLS1.2 to IE8. (If still relevant to Skype readers, do the procedure above. Even if another post-April 12 Skype for XP fix is found, this procedure will likely be needed as well.) When I did this procedure (in January of 2019), the "we couldn't connect to Skype" error went away. However, a new sub-login dialog appeared that only allows a Microsoft school or business account. This dialog went away after I clicked on an existing chat account. (See new Skype 7 login obsolescence described in posts below, first reported elsewhere as of about April 12, 2019.) I hope this helps. Al

  • Create New...