NotHereToPlayGames

not difficult to explain to me... i own a '55 Dodge and a '61 Studebaker...

Agreed. Here is today's Browser Irony - we have a lot of folks that polyfill old browsers to perform new tricks, myself included. This is mainly the XP Crowd though the Vista Crowd isn't much far behind in this regard - "keep old at all costs" (without any "cost analysis" that doing this COSTS MORE (both in personal time and CPU/RAM usage) then UPGRADING). But now that I'm on Win10 + Ungoogled Chromium v114, I've actually found myself intentionally doing the OPPOSITE - tracking down what javascript functions run in v114 or newer and BREAKING THEM so that they do NOT "execute".

There are 10 types of people. Those that understand binary and those that do not.

That's exactly why I use Proxomitron but it is "too complex" for most people to "learn", they want something like uBO where "lists" are put together for them. Instead of teaching a man to fish and feeding him for a lifetime, web browser users just want that one fish to be fed to them one at a time, they have no interest in "learning how to fish". For example, the very MSFN page we are on right now has FIFTY scripts. My Proxomitron blocks 13 of them before the web browser even sees them (also why I do not need 20/30/60 uBO lists and my FIVE do just fine. I guarantee that my FIVE uBO lists coupled with my Proxomitron config is blocking way way wwaayyy more than those 20/30/60 uBO "spoon-fed" lists. ps - Proxomitron counts actual physical scripts, inline and fetched, unlike uMatrix or uBO which only counts fetched files.

It's been that way for TWENTY YEARS. Don't for one second think that the "padlock" in that address bar really means anything at all !!! It only ever really did back when ONLY bank sites had that "padlock" !!!

It looks to me like this port is NOT something that you port directly into your XP. Rather, it is something that is "compiled" with the program that you want to then run on XP. ie, you use this to create a version of Supermium or Thorium that will "do" ECC when ran on XP.

I'm talking strictly XP. I have NO USE for Thorium or Supermium on my Win10 machines.

That's because that flag is originally an Official Ungoogled Chromium flag and Supermium hasn't (yet) started importing patches from Ungoogled repository.

Not likely. It means the issue is with some time zones and not all time zones and that your time zone is working correctly.

I personally WANT a v114 !!! released of Thorium and Supermium. 114... 114... 114... I have ZERO need for v122 and ZERO need for chasing Chrome with the whatever update they release every five d#mn days or so. BOTH of these projects, IMHO, should revert to v114 !!! Only AFTER the kinks are worked out and v114 is STABLE should these developers start chasing Chrome's every five d#mn days update schedule.

Bingo! While it is a great thing for Supermium and Thorium to bring "cutting edge" browse-ability to XP, it is clear that XP is quickly quickly quickly becoming something only seen in RETIREMENT HOMES. You know, where the user has 40 minutes to perform what would only take 4 minutes in Win10.

Chrome/Chromium has used an internal cert store in addition to the OS cert store since v105 and it has been enabled by default since v108. To the best of my knowledge, I do think that Official Chrome, Official Ungoogled Chromium, Supermium, and Thorium all fetch these as opposed to them being "bundled". I'll concede to anyone much more in-the-know. My only intent was to demonstrate that the same EXACT browser in XP will not have the same level of security as it does in 10. ECC cert shortcomings in XP has been known for a VERY long time. It is nice to see the backport cited a few posts ago, so that SHORTCOMING is being addressed. XP cert store cannot "do" ECC. But as demonstrated, Mypal only performs this because it is not using the XP cert store. How Supermium is performing this is a NIGHTMARE to figure out, it is simply UNSTABLE and pegs my CPU at 100%, crashes too often, et cetera, for me to have the patience to even ATTEMPT to sort it out.

Heck No! But if we are to truly be "fair and consistent", we should fine-tooth-comb Supermium and Thorium equally and not assume either to be safer than the other.

IMPLIED. But sure, I should have clarified that "WinXP" was referring to WinXP's cert store. SEMANTICS.

Technically, I'm not a fan of INTERNAL cert stores. TRUST ME, it is EXTREMELY easy to release a web browser who's address bar ALWAYS ALWAYS ALWAYS shows a "secure padlock" with made-up details to lead the user into a FALSE sense of "security". We do have MSFN Members that would not be fooled, but trust me, it is EXTREMELY easy to do. And several HUNDRED members here would never know - not until the small handful of a half a dozen or so showed up and pointed it out.

We are mixing apples and oranges. Mypal uses an INTERNAL cert store to pass ECC on XP. Supermium uses an INTERNAL cert store (hidden from the user as far as I can tell) to pass ECC on XP. 360Chrome fails ECC on XP because its INTERNAL cert store does not contain the same INTERNAL certs as Mypal or Supermium. This has actually always been one of the ADVANTAGES of Mozilla-based browsers - a cert store fully INDEPENDENT of the OS it is ran on because the cert store is INTERNAL to the browser itself. Update the browser, you update the cert store. No need for threads like this because the cert store is updated when the browser is updated, keep the OS as old and ancient as you want, you're not using the OS cert store.

No clue without debugging their code. While 360Chrome is transparent and open and will SHOW you its INTERNAL certificates, Supermium and Thorium both HIDE their INTERNAL certificates and only take you to a "support.google.com" page if you ATTEMPT to view them!

Looks promising.

The DHL cert is "secure" in XP because it is NOT using Elliptic Curve.

It's not the "encryption" you are failing, it is the "algorithm" that you are failing. WinXP can not, under any circumstance, be made compatible with Elliptic Curve key algorithm certificates. Period. The E1 cert is your issue, each and every web site that has been cited in this thread that is not reported as "secure" in the web browser's address bar is using E1. You will NEVER get this E1 certificate to show up as "secure" in XP.

We have to assume that you are using One-Core API, correct?

Mozilla does not use XP's cert store. This thread updates XP's cert store and will not affect any browser's INTERNAL cert store, it will only effect the OS cert store. Two different stores entirely.

Guys, sorry for the late arrival. There is a lot of true info in these recent posts, there is also a lot of misleading half-truths. I shall attempt to clear the air, but sometimes that is impossible here at MSFN when people doing the discussing already have preconceived notions (which may result in this being my ONLY reply to these recent posts). I speak solely towards my 360Chrome v13.5.1030 Redux as that is the only version I still use. My other versions "should" be the same in this regard. First, yes, it is "true" that iTrusChina Co.,Ltd. is LISTED in the Trusted Certificates Store - that is not the same thing as saying it is being "used" by 360Chrome. The USE of this certificate is "supposed to be" BROKEN in my builds. Now then, with that said, how do we PROVE that the USE of this cert is BROKEN? You must must must first locate a web site that USES that cert! https://valid-isrgrootx2.letsencrypt.org/ does NOT use that cert - it uses "E1". More importantly, it uses "ECDHE_ECDSA" as the key exchange mechanism - this is not compatible with WinXP and cannot be made compatible with WinXP. My 360Chrome is "secure" for this E1 cert using ECDHE_ECDSA because this is on WINDOWS 10 and not XP!