Jump to content

Search the Community

Showing results for tags '0x80072f8f'.

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


Forums

  • The General Stuff
    • Announcements
    • Introduce Yourself!
    • General Discussion
  • Microsoft Software Products
    • Windows 11
    • Windows 10
    • Windows 8
    • Windows 7
    • Windows Server
    • Older Windows NT-Family OSes
    • Windows 9x/ME
    • Other Microsoft Products
  • Unattended Windows Discussion & Support
    • Unattended Windows
    • Other Unattended Projects
  • Member Contributed Projects
    • Nuhi Utilities
    • Member Projects
    • Other Member Contributed Projects
    • Windows Updates Downloader
  • Software, Hardware, Media and Games
    • Forum Categories
    • Mobile Devices
  • Customizing Windows and Graphics
    • Customizing Windows
    • Customizing Graphics
  • Coding, Scripting and Servers
    • Web Development (HTML, Java, PHP, ASP, XML, etc.)
    • Programming (C++, Delphi, VB/VBS, CMD/batch, etc.)
    • Server - Side Help (IIS, Apache, etc.)

Calendars

There are no results to display.


Find results in...

Find results that contain...


Date Created

  • Start

    End


Last Updated

  • Start

    End


Filter by number of...

Joined

  • Start

    End


Group


AIM


MSN


Website URL


ICQ


Yahoo


Jabber


Skype

Found 1 result

  1. ProxHTTPSProxy and HTTPSProxy in Windows XP for future use Introduction: The idea of this little thread is to provide information and recent findings I've made relating to the SSL proxies ProxHTTPSProxy and HTTPSProxy. Due to the fact that I don't use other older NT based Operation Systems (OSs) except Windows XP Professional all my observations and explanations are referring to both proxies in Windows XP only. So please do not comment off-topic in this thread! I am AstroSkipper, a member of MSFN since 2010, and was involved in restoring of access to Microsoft Update (MU) website in Windows XP (and some other OSs). This is the thread: While restoring MU in my own Windows XP Professional system I had to solve a lot of problems and had among other things some significant findings relating to ProxHTTPSProxy and HTTPSProxy too. The above mentioned thread is now over 140 pages long and unfortunately very bloated. In most cases visitors or members of MSFN don't want to read that much of pages for getting information they have looked for. A lot of comments are part of conversations which no longer can be retraced or understood easily by people who weren't participated. Therefore I wanted to make my own findings accessible to all interested people in a clear, short way. That's why I decided to make my own thread to provide some facts, tips and especially news referring to these proxies. It is an unfortunate circumstance that the creators of ProxHTTPSProxy and HTTPSProxy, @heinoganda and @Thomas S., haven't been here for a long time and no further development of these proxies has been made the last years. Of course, we thank both creators explicitly for these outstanding proxies, we are very glad to have them, but they have to be used as they are. This is the reason why we have to ask ourselves whether they'll continue doing their job in the future or not. But maybe some of you don't really know what actually their job is. Purpose of ProxHTTPSProxy and HTTPSProxy: Originally ProxHTTPSProxy was created for Proxomitron as a SSL Helper Program. Proximotron is a local HTTP web-filtering proxy. Here are two links about Proxomitron: http://www.buerschgens.de/Prox/index.html (German website, use Google Translator if necessary) and This is a quotation from a post of the developer called "whenever" who had made ProxHTTPSProxy originally: Source link: https://prxbx.com/forums/showthread.php?tid=1618 Here an image to show how ProxHTTPSProxy works: ProxHTTPSProxy and HTTPSProxy were created by our members mentioned above to provide modern nag-free HTTPS connections for an HTTP proxy. The main purpose in Windows XP is in adding modern ciphers to HTTPS connections of Internet Explorer (IE) to improve either its missing TLS 1.2 functionality or its rudimentary TLS 1.2 functionality last added by Microsoft after installing some relevant POSReady updates (KB4230450, KB4316682 and KB4019276). Here is a link with further information how TLS 1.1 and TLS 1.2 can be enabled in Windows XP: The original ciphers of IE are outdated and therefore a lot of websites can't be accessed or they don't work properly due to SSL issues. More information about these proxies you can find in the original thread: Area of application: As already said, the main purpose of these proxies is in adding modern ciphers to HTTPS connections of IE to improve either its missing TLS 1.2 functionality or its rudimentary TLS 1.2 functionality last added by Microsoft after installing some relevant POSReady updates. Therefore ProxHTTPSProxy or HTTPSProxy is used in combination with IE to access websites which couldn't be called up by IE without it. Some programs use Internet Explorer's browser engine called Trident to get data from Internet, to search something or to check for updates. For example my favourite movie database program All My Movies™ checks for updates using IE engine. Without one of these proxies it will fail. Some e-mail clients like eM Client or Eudora are using IE engine too. Some browsers like 360 Extreme Explorer are able to use IE engine for surfing. Another new purpose is to access Microsoft Update to look for updates. As I mentioned above I was involved in restoring of access to Microsoft Update (MU) website in Windows XP (and some other OSs) and we were successful by now. If you're interested in restoring MU functionality, I've written a little guide with the title "Complete guide for restoring IE's access to WU/MU website using ProxHTTPSProxy or HTTPSProxy in Windows XP" which can be found here: Prerequisites: A CPU with SSE2 instruction set is necessary to let the more recent proxies run. Detailed information: Testing system: Windows XP Professional SP3 POSReady with an AMD Athlon XP 3200+ (Thoroughbred), an old CPU providing SSE, but lacking of SSE2 instruction set. After testing of all proxies mentioned in this article, I can confirm that all @heinoganda's releases ProxHTTPSProxy REV3b, ProxHTTPSProxy REV3d, ProxHTTPSProxy REV3e and @Thomas S.'s release HTTPSPoxy in version HTTPSProxy_Launcher_v2_2018-11-06 require a CPU with SSE2 instruction set. All these proxies crashed when starting 'ProxHTTPSProxy.exe' or 'HTTPSProxy.exe'. But @whenever's release ProxHTTPSProxyMII 1.3a could be started without crashing, and after testing I can confirm this proxy is fully compatible with a CPU possessing SSE instruction set only. Therefore, this proxy can be used in such old systems, but only if absolutely necessary. For safety reasons. More detailed information below in section Versions. Installation: The program packages provide documents and instructions, actually sufficient. Both proxies do not need any installation. There is no setup installer. They are fully portable with a few exceptions. The user has to edit the config file according to his needs, he should update a special certificate called 'cacert.pem' and he has to install the proxy's root certificate properly in any case. But to avoid unnecessary repetitions, I'll come back to that later in section Configuration. The location of their program folder can be chosen freely. For this purpose I've created a folder "Portable" in my system partition. I have created this folder to remind me that programs inside folder Portable do not have to be uninstalled. Configuration: The configurations of these proxies are a bit different. Configuration of ProxHTTPSProxy: - Install ProxHTTPSProxy's root certificate 'CA.crt' under Trusted Root Certification Authority manually or apply 'ProxHTTPS Cert Install.exe'. Alternatively you can use the more recent ProxHTTPSProxy Cert Installer which has been modified and updated by me. You can find it in section Downloads. - Edit the config file 'config.ini' according to your needs. More detailed explanations at the end of this section. - Update the certificate 'cacert.pem' by downloading and inserting it manually (see cacert Update.txt) or automatically by applying 'cacert_Updater.exe'. Due to the circumstance that @heinoganda's original cacert Updater doesn't work anymore, I have fixed it. This "cacert Updater Fixed" can be downloaded in section Downloads. Configuration of HTTPSProxy: - Generate a new HTTPSProxy's root certificate 'HTTPSProxyCA.crt' by opening 'HTTPSProxy.exe' and closing its window when the process is over. - Install HTTPSProxy's root certificate 'HTTPSProxyCA.crt' under Trusted Root Certification Authority manually. Alternatively you can use the brand new HTTPSProxy Cert Installer which has been created by me. You can find it in section Downloads. - Edit the config files 'config.ini' and 'Launcher.ini' according to your needs. More detailed explanations at the end of this section. - Update the certificate 'cacert.pem' by downloading from url https://curl.se/ca/cacert.pem and inserting it manually (see Installation-Update_EN.txt) or automatically by clicking cacert.pem update in Launcher's menu. - Execute the reg file 'Inet_CurUser_ProxySettings.reg'. Both proxies have got a config file called 'config.ini'. The following parameters of the proxy can be specified there:: ProxAddr, FrontPort, BackPort, LogPort and LogLevel. Look into this file and you'll get short descriptions of these parameters. Furthermore there are special sections titled [SSL No-Verify], [BLACKLIST], [SSL Pass-Thru] and [BYPASS URL]. In these sections url addresses can be inserted letting the proxy know how to perform them. HTTPSProxy has a second config file called 'Launcher.ini'. Here you can set up the Launcher of HTTPSProxy. A short description can be read at the beginning of each file section. Here you can see HTTPSProxy's config file similar to the one of ProxHTTPSProxy: More detailed information about the parameters and sections can be found in their doc files. Both proxies can be set as system-wide proxies using 'proxycfg.exe'. Here are proxycfg's command line parameters: proxycfg This command displays the current WinHTTP proxy settings. proxycfg -d This command specifies that all HTTP and HTTPS servers should be accessed directly. Use this command if there is no proxy server. proxycfg -p proxy-server-list optional-bypass-list This command specifies one or more proxy servers, and an optional list of hosts that should be accessed directly. If a proxy server is not specified for a given protocol and that server is not in the bypass list, the -p option specifies that the server cannot be accessed at all. proxycfg -d -p proxy-server-list optional-bypass-list This command specifies one or more proxy servers, and an optional list of hosts that should be accessed directly. If a proxy server is not specified for the given protocol, the -d option specifies that the server should be accessed directly instead. proxycfg -u This command imports the Internet Explorer proxy settings of the current user. WinHTTP does not support auto-discovery and configuration script-based proxy settings. So far so good, but unfortunately that's not the whole truth. Configuration of these proxies to access MU website successfully nowadays: MU website can be accessed only by IE, but nowadays it needs the more recent cryptographic protocol TLS 1.2. That's the reason why MU wasn't available in the past. Therefore we have to use one of these proxies to gain access. If all steps of my "Complete guide for restoring Microsoft Update in IE" have been performed properly, you would like to call up MU website. But in some cases problems could occur. One of them is to get a MU website with output of error code 0x80072f8f (hexadecimal notation). I had examined this error deeply and could solve it. But what does that have to do with our proxies? Of course a lot, otherwise I wouldn't have mentioned it. Here you can read my short post "Final fix of error code 0x80072f8f while accessing WU or MU website": The steps in order: 1. Delete old 'CA.cert' file in ProxHTTPSProxy's program folder. 2. Delete all certificates in ProxHTTPSProxy's certs subfolder. 3. Update 'cacert.pem'. 4. Open 'ProxHTTPSProxy.exe'. A new ProxHTTPSProxy CA certificate 'CA.crt' valid for another ten years has been generated. 5. Import this new ProxHTTPSProxy CA certificate to Trusted Root Certification Authority but under account local computer. And exactly here lies the problem. You have to import this certificate in a special way to ensure it is really installed in Trusted Root Certification Authority under account local computer. Otherwise it can happen that this certificate is installed in Trusted Root Certification Authority under account current user. And that is definitely the cause of error code 0x80072f8f. No one had told us where this certificate has to be installed to. No hints in the doc files of both proxies. And how can we do that? Here are the detailed steps using the Microsoft Management Console: - Open console by typing mmc. - Add a snap-in for certificates. - Choose for local computer - Import your recently generated ProxHTTPSProxy CA certificate to Trusted Root Certification Authority. - Finished. Now we have to modify the config file. Alternatively you can use my pre-configured config files in section Downloads. - Open config.ini in an editor of your choice. - Add these urls under section [SSL No-Verify]: urs.microsoft.com c.microsoft.com* *one.microsoft.com* download.windowsupdate.com cc.dcsec.uni-hannover.de fe2.ws.microsoft.com *update.microsoft.com ds.download.windowsupdate.com - Save your changes. - Finished. Of course same procedure for HTTPSProxy with one exception: HTTPSProxy's root certificate is named 'HTTPSProxyCA.crt'. Fixing error code 0x80072f8f leads to fixing another problem and that is the validity of Proxy's root certificate. From now on a freshly generated root certificate of ProxHTTPSProxy or HTTPSProxy valid for another ten years will be fully functional because we finally know where it exactly has to be imported to. Maybe you understand now how important it is to configure these proxies properly. Otherwise they wouldn't work flawlessly. In section Downloads I provide separate CA Certificate Installer and Uninstaller for both proxies. They have been created by me for the people who do not dare to generate and install certificates themselves. Due to a modification made by me these installers and uninstallers do now their job properly i.e. the certificate installation will be definitely performed in Trusted Root Certification Authority under account local computer. If you asked me which kind of certificate installation you should choose, I would recommend the manual method. For security reasons only. The installers contain a pre-generated root certificate of its proxy which will be installed properly. But as a result all users of these installers will have got the same certificate unfortunately. Normally no good. But do we really want to spy each other? I don't think so. On the other hand using the manual method we all will have an unique certificate without any risks. So it's up to you! Usage: The usage of these proxies is very simple but a bit different. Usage of ProxHTTPSProxy: The best way to start ProxHTTPSProxy is to execute 'ProxHTTPSProxy_PSwitch.exe'. In this case ProxHTTPSProxy will set up itself automatically and delete its settings when closing. You can check the settings of ProxHTTPSProxy in Internet Options of IE. Here is a screeshot of ProxHTTPSProxy's program window: Usage of HTTPSProxy: The way to start HTTPSProxy is a bit different. For starting it you have to simply drag 'HTTPSProxy.exe' to 'Launcher.exe" by drag & drop and a new system tray icon appears. Via this icon all available options of HTTPSProxy's Launcher are accessible. There are a lot of options: exit, restart, launch HTTPSProxy with Windows, edit config.ini, cacert.pem update, enabling or diabling HTTPSProxy, Update Windows root CAs, edit Launcher.ini and so on. Here are some screenshots of HTTPSProxy: Launcher's menu: HTTPSProxy - switched on and switched off: HTTPSProxy's program window: HTTPSProxy while accessing MU: If connection errors occur, you can check the settings of HTTPSProxy in Internet Options of IE and set them manually or automatically by applying reg file 'Inet_CurUser_ProxySettings.reg'. And now one important hint. If you want to use both proxies in your system, you mustn't run them in RAM at same time! Otherwise the selected proxy won't work at all. You have to close the unused proxy to use the other. Keep that in mind! Maintenance of ProxHTTPSProxy and HTTPSProxy for future use: We have to carry out a bit of maintenance to ensure that these proxies are working properly. First of all, the system's root certificates should be updated every three months. If you have not done that yet, you can use the current root certificate updater in section Downloads where a version with separate installers for Root Certificates and Revoked Certificates or an AIO version of these installers can be downloaded from. Then you should check following list: - Periodically updating of 'cacert.pem'. - Maintenance and check of config file according to your needs.. - Check of validity of proxy's root certificate. - Deleting of all certificates in Proxy's certs folder if proxy isn't working properly. - Checking state of Proxy in IE or in system. Versions: Last known version of ProxHTTPSProxyMII, created by @whenever and released in June of 2018: ProxHTTPSProxyMII 1.5 (20180616) ProxHTTPSProxyMII 1.3a (20150527) was released in May of 2015. Here is a link: https://prxbx.com/forums/showthread.php?tid=2172&pid=17686#pid17686 and https://prxbx.com/forums/showthread.php?tid=2172&pid=18454#pid18454 Due to support of SHA1 for signing certificates ProxHTTPSProxyMII 1.3a can be used in a Windows XP Professional x64 system to access MU successfully. More recent versions use SHA256 to sign certificates and fail while accessing MU. But that also means ProxHTTPSProxyMII 1.3a is not secure and should only be used if there is no other option. Here is a link to the post with necessary instructions and a screenshot of successful access to MU using ProxHTTPSProxyMII 1.3a in Windows XP Professional x64, credits to @maile3241: Last known version of ProxHTTPSProxy released in November of 2019: ProxHTTPSProxy REV3e. Here is a link: Last known version of HTTPSProxy released in November of 2018: HTTPSProxy_Launcher_v2_2018-11-06 Here are two links: and Downloads: Archived Downloads {obsolete}: ProxHTTPSProxyMII 1.3a can be downloaded here: http://www.proxfilter.net/proxhttpsproxy/ProxHTTPSProxyMII 1.3a.zip. Credits to @whenever. ProxHTTPSProxyMII 1.5 can be downloaded here: http://jjoe.proxfilter.net/ProxHTTPSProxyMII/files/ProxHTTPSProxyMII 1.5 advanced 34cx_freeze5.0.1urllib3v1.22Win32OpenSSL_Light-1_0_2o-1_1_0h.zip. Credits to @whenever. ProxHTTPSProxy REV3d can be downloaded here: https://i430vx.net/files/XP/ProxHTTPSProxyMII_REV3d_PY344.7z. Credits to @heinoganda. Root Certificate and Revoked Certificate Updater of 02/24/2022 created by @AstroSkipper: https://www.mediafire.com/file/n4ea8nbijox88o3/Roots_Certificate_Updater_24.02.22.7z/file Root Certificate and Revoked Certificate Updater (AIO version!) of 02/24/2022 created by @AstroSkipper: https://www.mediafire.com/file/8ler7d9z8aesz08/rootsupd.exe/file Root Certificate and Revoked Certificate Updater of 04/28/2022 created by @AstroSkipper: https://www.mediafire.com/file/7e6jw2mdp6bi3u0/Roots_Certificate_Updater_28.04.22.7z/file Root Certificate and Revoked Certificate Updater (AIO version!) of 04/28/2022 created by @AstroSkipper: https://www.mediafire.com/file/m6n7481wdq546ad/rootsupd.EXE/file Latest Downloads: Downloads related to ProxHTTPSProxy: ProxHTTPSProxy REV3e can be downloaded here: https://msfn.org/board/applications/core/interface/file/attachment.php?id=49205&key=1d82b78adecd29bef6d02d67c214249a. Credits to @heinoganda. ProxHTTPSProxy CA Certificate Installer and Uninstaller with a freshly pre-generated root certificate valid until 02/19/2032 modified and built by @AstroSkipper: https://www.mediafire.com/file/9tnonnlymrp98f8/ProxHTTPSProxy_Cert_Installer_%2B_Uninstaller_%2B_CA_valid_until_02-19-2032.7z/file ProxHTTPSProxy's config file to access MU website successfully, modified by @AstroSkipper: https://www.mediafire.com/file/vr1klatuzjh6v5c/ProxHTTPSProxy_-_config.ini/file Downloads related to HTTPSProxy: HTTPSProxy in the version of HTTPSProxy_Launcher_v2_2018-11-06 can be downloaded here: https://www.mediafire.com/file/ku859ikt2t79cgl/HTTPSProxy_Launcher_v2_2018-11-06.7z/file. Credits to @Thomas S.. HTTPSProxy CA Certificate Installer and Uninstaller with a freshly pre-generated root certificate valid until 02/19/2032 created by @AstroSkipper: https://www.mediafire.com/file/sx1i6w2c6f1hvwm/HTTPSProxy_Cert_Installer_%2B_Uninstaller_%2B_CA_valid_until_02-19-2032.7z/file HTTPSProxy's config file to access MU website successfully, modified by @AstroSkipper: https://www.mediafire.com/file/6emtdvx2vmw4iz8/HTTPSProxy_-_config.ini/file Downloads related to cacert.pem Certificate Update: cacert Updater Fixed, fixed and recreated by @AstroSkipper: https://www.mediafire.com/file/y98gtqf8ewr6zz4/cacert_Updater_Fixed_Recreated.7z/file. Credits to @heinoganda. Downloads related to Root Certificate Updates: Root Certificate and Revoked Certificate Updater of 05/24/2022 created by @AstroSkipper: https://www.mediafire.com/file/aob1fkpf6f3vyhd/Roots_Certificate_Updater_24.05.22.7z/file Root Certificate and Revoked Certificate Updater (AIO version!) of 05/24/2022 created by @AstroSkipper: https://www.mediafire.com/file/vkopcjfymnei5cn/rootsupd.exe/file Certificate Updater 1.6: https://www.mediafire.com/file/nmoqrx8vwc8jr6l/jveWB2Qg1Lt9yT5m3CYpZ8b8N4rH.rar/file. Credits to @heinoganda. Archive password: S4QH5TIefi7m9n1XLyTIZ3V5hSv4se1XB6jJZpH5TfB6vkJ8hfRxU7DWB2p The installers created by myself or built by me will be updated from time to time if necessary. Update notifications: 02/26/2022: Both versions of Root Certificate and Revoked Certificate Updater have been updated and are now of 02/24/2022. 03/16/2022: The functionality of @heinoganda's cacert Updater has been restored. cacert Updater Fixed can be downloaded in section Downloads, 04/23/2022: cacert Updater Fixed has been completely recreated due to false alarms of some virus scanners and can be downloaded in section Downloads, 05/10/2022: ProxHTTPSProxy's PopMenu 3V1 has been released. Here is the link to my post of the initial release with the download link: 05/16/2022: Both versions of Root Certificate and Revoked Certificate Updater have been updated and are now of 04/28/2022. 06/05/2022: Both versions of Root Certificate and Revoked Certificate Updater have been updated and are now of 05/24/2022. Conclusion: At the beginning of this thread I said we had to ask ourselves whether these proxies would continue doing their job in the future or not. After all these observations and explanations the answer of this question is quite clear: Yes, of course. But we have to avoid misconfiguration of these proxies, and in addition we know they won't work properly without updating and carrying out maintenance. Doing all these things leads to a general, positive side effect for those loving their Windows XP. If all is done correctly, we are now able to use a freshly generated 10 years valid root certificate of ProxHTTPSProxy or HTTPSProxy at any time as long as Windows XP, Internet Explorer access to WWW, TLS 1.2 functionality, Microsoft Update for Windows XP or the user himself still exists. Disclaimer: All information that I spread here corresponds to my level of knowledge. Most of it has been carefully researched by me. I tested all programs of section Downloads extensively, and they worked properly in my system. Nevertheless, I do not assume any guarantee either for the correctness and completeness or for the implementation of my tips. The same applies to the application of my tools in section Downloads. Therefore all at your own risk! You can use commenting zone below to tell us about your experiences, problems and questions or to provide further tips and recommendations. Any discussions about these proxies are explicitly welcome. If this article has not been able to resolve any issues related to these proxies and you need further assistance with configuring or running them, I will try to help you as much as I can. But one thing must be clear, everything should relate to this article. That means please stay on-topic! If you enjoyed this article or maybe you found it interesting and helpful, I would be pleased about any reaction by liking, upvoting and of course commenting. Kind regards, AstroSkipper


×
×
  • Create New...