Thomas S.

It would be nice - but I don't get this version to run under XP. In my opinion, important system settings are missing, such as the path to the directory and registry entries (but I'm not sure). Anyway, I can't start python.exe, there is a mistake in a missing procedure (but I haven't saved the messagebox now). And I can't install any additional python modules, the installation of pip is already failing (the following, of course, can't run either): python -m pip install --upgrade --force pip So my question: what exactly is to install? I lack a little bit of guidance. Only a unpacking into the directory python37 can't be ...

To add the needed registry modification, I give here the code for a reg file for activating WinHTTP TLS1.1 AND 1.2 (as described in kb4467770 article): Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WinHttp] "DefaultSecureProtocols"=dword:00000A00 A download to use file is attached. Short technical info: Override defaults for WINHTTP_OPTION_SECURE_PROTOCOLS to specify TLS 1.1 and TLS 1.2 Add DWORD value for TLS 1.1 (0x00000200) and / or DWORD value for TLS 1.2 (0x00000800) The resulting registry DWORD value for both would be 0x00000A00. WinHttp DefaultSecureProtocols.reg

As I understand, WinHTTP is used by Applications directly (without the functionality of IE and his API). Often the kb articles are not fully transfered from the basicly descibed OS versions to PosReady, so it can be that 1 also works in XP.

Info: today I have got four new sst files for roots and disallowed certs.

Reporting that behavior to the AV manufacturers do not help. After a "CLEAN" report and whitelisting the exe some come back a few days later with another false positive alert. I wrote to VirusTotal and got a list with the adresses of the AV manufacturers. It seems that it is up to date. See AV.xls

Conclusion: we can run the update without patching oleaut32.dll? Great!

@heinoganda I have send a email to the false pos AV manufacturers - two answered until now that the HTTPSProxy.exe (last 2018-11-06) is clean. But today the rating is rising to 21/68 (without this two manufacturers) - what a mess

@Youse No. I have searched for many month and found no other sutible solution. (May be there is another, but I didn't found it.) And same experience with Burp Suite. First effort was sTunnel and I have had success with it for Outlook to reactivate a TLS connection to my email provider as he switched from TLS1.0 to 1.2 Then came ProxHTTPSProxMII for WinXP HTTPS, found here in the MSFN forum as a tip. Sorry, it is as good as it will be with this old operating system at all.

@heinoganda Thanks for this information, very interesting. But this is not easy, all manually work ...

Report a false positive to VirusTotal is not so easy. VirusTotal now protects developers from becoming false positives The service "VirusTotal Monitor" is free for the AV companies - not for the developers... I found no way to report it on a simple way like "contact us".

And the prerequisites have been changed (I have to read the PAE wicki to remember ) But this will be the limitation not to upgrade with SP3? I think no...

Are there any problems with official SP3 and older SW? I have f.e. Visio Technical 5.0 or Micrografx Designer 7.1 that both works great under XP SP3 in compatibility mode. Old drivers for special adapter cards? May be...

That is not all to do, you need also the libraries / modules that are compatible with this 3.x version of python. Some of the actual versions dropped support for python < v3.4 (f.e. urllib3 and pyOpenSSL), you need also here the older versions. And older libraries have bugs and not the full functionality for actual TLS. That is why I look always for new versions of the libraries...

Today I see new versions of cryptography and requests... Ready for a new build of HTTPSProxy?

@heinoganda I tried UPX, but one file and also a build with the separate libraries doesn't change the situation at virus total (just one alert less with pyInstaller 331 or 34).

Huh That is a problem, because where do I get the right libraries which will run under this old configuration. And run well, not with bugs. And do what they have to do. And I can't test it, I have no XP SP1 / SP2. Iit is better that you update your system with SP3. Why not?

As I tried to compress the final Launcher.exe with mpress to minimize the file size I had a RED ALERT So I let it be... ...and I don't use UPX, but I can try.

Of course...

@heinoganda Thanks for your comment. I think on step back to pyInstaller 3.3.1 too. But the difference is 17/68 to 10/68 alerts - not really better - trusting the prog is a matter of trust ... The problem already exists with the interpreters, which are "compiled" together with the scripts in the the build programs. And since there are regular updates, it's tedious to report any new build as false positive. The progs / suite is a help to keep WinXP alive and a help from user to user, nothing more.

@Youse ProxHTTPSProxy is not my project. If you have such an exe I can't support you. HTTPSProxy and Launcher have both the min requirement WinXP SP3 plus the patches until April 2014 (it works with PosReady too, but I think that it is not the platform the developers testet). They are realy new and not much distributed, so it might be that it gives a error on some systems, but I have it tested much on XP. Not lower, but also on 7 and 10, but there it makes no sense to run the suite.

And that is not the whole story, you have to config the Proxy settings if you have trouble with an connection. The proxy project bases on a python script which is compiled to a single exe with "pyinstaller". The resulting exe is marked as malicious on several scanners, see this picture of Process Explorer, column "Virus Total": Similar the Launcher, it is scripted for and compiled with AutoHotkey to a single exe. Sorry, I can't solve this problem, it is as it is... The site for download is here in my browser without limitation, I can't see any add, may be because I use uBlock Origin? PW is to prevent a wide open door, and I am able to stop the access (if a bug or other issue requires it).

@siria Sorry for that problem, I will look for an alternative. In the meantime can you try the Firefox ESR 52.9? It is the latest for XP, and with this browser it works on XP without complications.

The 7z archive has two folders. For the first installation please use the folder "HTTPSProxy". It has all files needed. See "Installation-Update_EN,txt" in the "Docs" folder for the few steps of setup. The other folder ("Update HTTPSProxy") is only for a update of a existing older proxy installation. To safe the existing configuration a copy and paste of this folder do not override config.ini and Launcher.ini. But config.ini is needed for the Proxy, without it won't work properly.

@Youse This are only Win32 applications, so I am wondering about this error. Do you have decompressed the files correct? May be there is something gone wrong?

The bug has disappeared with the last update of urllib3 v1.24.1 (2018-11-02), which was just a few days after my buggy version of HTTPSProxy (2018-10-24). I simply did not notice the error because all pages were displayed flawlessly. Before that, all the other releases were fine. There may be more other dependencies, but now everything is fine again. Sometimes it is better not to change a running system...