Search the Community
Showing results for tags 'IE8'.
Original January 4, 2019 post title was "Update IE8 to TLS1.2 for (nearly) Last Skype 126.96.36.199 on Windows XP". Update title changed May 1, 2019. Readers wanting Skype-specific info should page or find down to the ORIGINAL INTRODUCTION. UPDATE INTRODUCTION: This compiled procedure, Instructions To Add TLS1.2 To Windows XP OS & IE8, turns out to be useful for non-Skype purposes, and may now be obsolete for the intended purpose of running Windows XP Skype 188.8.131.52 (see posts below). For convenience of other readers, I've reorganized the original post so that the procedure steps now start near the top. I've also edited OS registry variations in steps 9A and 9B, made a change in step 11, and added a 12th procedure step, each helpfully noted by posters below. ----------------------------------------------------------------- INSTRUCTIONS TO ADD TLS1.2 TO WINDOWS XP OS & IE8 (Compiled from MSFN source posts credited) ----------------------------------------------------------------- 1) If not already updated, download and install Microsoft's updated Windows Installer 4.5 (KB942288-v3) from https://download.microsoft.com/download/2/6/1/261fca42-22c0-4f91-9451-0e0f2e08356d/WindowsXP-KB942288-v3-x86.exe 2) Set a System Restore point marked, say, "Spoof POSReady ID registry edit" 3) Put the following POSReady spoof text (omit the hyphen lines) in POSReady.txt, rename to POSReady.reg, right-click Merge, Yes. ---------- Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SYSTEM\WPA\PosReady] "Installed"=dword:00000001 [<-- BLANK LINE] [<-- BLANK LINE] ---------- 4) Navigate to: https://www.catalog.update.microsoft.com/search.aspx?q=kb4019276 5) Find down to POSReady, Windows XP Embedded versions of KB4019276 Click Download button for that version. Click English in the opening language window (or other language). 6) Navigate to: https://www.catalog.update.microsoft.com/search.aspx?q=KB4230450 7) Find down to POSReady, Windows XP Embedded versions of KB4230450: Click Download button for that version. Click English in the opening language window (or other language). 8) For each KB file: click, accept install, reboot. (Both create restore points just in case.) 9) Edit the following Windows XP registry entries in 9A and 9B to read as shown. If you aren't sure how, look up Regedit 5 editor instructions. For convenient automatic registry edit-merge, these lines may be pasted into Notepad text files, renamed .reg ,then just click the file after closing it (expect no response). (But to be careful, I edited them manually with Regedit 5.) 9A) After navigating the chain of registry keys, click the key TLS1.1, in the right panel, right-click "OSVersion", click Modify, enter the Value data already shown (not sure why), click OK. (I had to change "184.108.40.206.0" to "220.127.116.11.0" shown in obvious German in the source.) (EDIT: Other posters report below that if this key is absent, this step may be safely skipped.) ---------- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\CRYPTO\TLS1.1] "OSVersion"="18.104.22.168.0" ---------- 9B) Next click the key TLS1.2, in the right panel, right-click "OSVersion", click Modify, enter the Value data shown above, click OK. (Likewise I had to change "22.214.171.124.0" to "126.96.36.199.0") (EDIT: Likewise, if missing, skip this step.) ---------- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\CRYPTO\TLS1.2] "OSVersion"="188.8.131.52.0" ---------- 10) Click Start, hover Control Panel, click Internet Options, Advanced tab, pull the thumb bar all the way down. You should see new checkbox options for "Use TLS 1.1", "Use TLS 1.2". (KB4230450 will install these checkboxes, but they won't work without KB4019276.) 11) Check "Use TLS 1.2". Leave unchecked "Use TLS 1.1" (already obsoleted by TLS 1.2; and, TLS 1.3 was approved in 2018). (EDIT:) Leave checked "Use TLS 1.0". Click OK. The TLS 1.0's AES component is not insecure. TLS 1.0 may best remain checked for legacy websites needing AES or 3DES. (See explainers in posts below.) 12) (EDIT:) The following registry edits disable TLS 1.0's insecure cipher suites: DES, RC2, RC4, plus the insecure MD5 cipher hash. 3DES may be disabled optionally, but legacy websites without AES may need 3DES (Triple DES). TLS 1.0's secure cipher suite AES remains enabled, unchanged (no edit shown). Edit the following registry entries to read as shown: ---------- [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\DES 56/56] "Enabled"=dword:00000000 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC2 128/128] "Enabled"=dword:00000000 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC2 40/128] "Enabled"=dword:00000000 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC2 56/128] "Enabled"=dword:00000000 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC4 128/128] "Enabled"=dword:00000000 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC4 40/128] "Enabled"=dword:00000000 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC4 56/128] "Enabled"=dword:00000000 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Hashes\MD5] "Enabled"=dword:00000000 ---------- You may need Triple DES (3DES) at websites which don't (yet) support AES. Here is the optional edit (not yet recommended) to disable 3DES (0's mean Not "Enabled", equals Disabled): ---------- [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\Triple DES 168/168] "Enabled"=dword:00000000 ---------- The above registry edits (manual for transparency) are included in a larger set of one-click automatic edits in a download .reg file posted below. Pardon any source text compiling errors. If you have problems, try reading the sources (long). Source posts credited: ● https://msfn.org/board/topic/171814-posready-2009-updates-ported-to-windows-xp-sp3-enu/ POSReady 2009 updates ported to Windows XP SP3 ENU By glnz, March 19, 2013 in Windows XP ● https://msfn.org/board/topic/177500-upgrading-ie8-to-tls-12/ Upgrading IE8 to TLS 1.2 By Thomas S., June 9, 2018 in Windows XP ● https://msfn.org/board/topic/178087-update-ie8-to-tls12-for-nearly-last-skype-7360150-on-windows-xp/ Update IE8 to TLS1.2 for (nearly) Last Skype 184.108.40.206 on Windows XP By Mathwiz, January 4, 2019 in Windows XP ---------- ORIGINAL INTRODUCTION: I'm posting a step-by-step fix to add TLS1.2 to IE8, so that Skype 220.127.116.11 (for a few months did) run on Windows XP-SP3. (While 7.41.x.x may be actual "last" for WinXP, it may or not nag you to "update", requiring a separate fix or version downgrade. My version 7.36 didn't get the nag, and 7.40 was also reported to lack the nag when it mattered before April 12.) I've compiled pieces of the fix puzzle I found elsewhere on MSFN, because the complete fix isn't obvious to WinXP Skypers searching from elsewhere on the web. The fix isn't that difficult, but the usual warnings that novices should back up the registry before editing it, do apply. The download KB file installs, and each set their own restore points. I hope just setting a Restore point before starting the edit will be adequate. I haven't used my desktop PC WinXP-SP3 Skype (mostly chat) for months while the power supply was down. Yesterday I fixed it. To my surprise, Skype errored with "Sorry, we couldn't connect to Skype. Please check your Internet connection and try again." But the internet was ok. Many Skypers aren't techies, and most of the posted complaints about "Sorry, we couldn't connect to Skype", don't have a fix other than get a new OS like Win7, or use web Skype. For good reasons, we don't want to give up WinXP, at least as a backup to Win7 (or even Win8.1 for my keytablet). I've thoroughly tested Win10, but I'm not interested in that control-freak bugfest. One elsewhere-posted answer with no fix, helpfully explained that Skype had switched to using the more secure https encryption protocol TLS1.2. Skype for WinXP uses the SSL/TLS protocols built into Internet Explorer 8, which is the last Internet Explorer version for WinXP. IE8 normally has a maximum version of TLS1.0. Skype servers apparently turned off insecure TLS 1.0 sometime after I had to quit using this Skype last year (2018). So the fix is to add TLS1.2 to IE8, and it did work for me. At MSFN I found the bitter-end holdouts on WinXP, same website where I found the Win98 bitter-enders. (Btw, one poster at MSFN said the famous Windows OS bitter-ender AXCEL216 aka MDGx aka George, is still alive!). One or more MSFN gurus noticed that Microsoft is still updating Windows XP embedded OS for computerized cash registers (etc.), a WinXP variant known as "POSReady" (POS= Point Of Sale). They figured out how to spoof WinXP-SP3's identity, so that it will pose as, and accept POSReady updates, including those which to add TLS1.2 to IE8. (If still relevant to Skype readers, do the procedure above. Even if another post-April 12 Skype for XP fix is found, this procedure will likely be needed as well.) When I did this procedure (in January of 2019), the "we couldn't connect to Skype" error went away. However, a new sub-login dialog appeared that only allows a Microsoft school or business account. This dialog went away after I clicked on an existing chat account. (See new Skype 7 login obsolescence described in posts below, first reported elsewhere as of about April 12, 2019.) I hope this helps. Al
So i previously made a post titled, "modernize ie6," After coming to a decision to upgrade to ie8, I realized it was a lot better, although not perfect at all, but usable. I kind of just got bored with ie6. So the point of my new project, is modernizing not ie6, but ie8. If you don't know, there's a lot of sites that depend on tls 1.1 or 1.2, while ie8 in XP doesn't support either. For example, Wikipedia. Even that (a mostly text based site) wont load. "This page cannot be displayed" Im sure you all have seen that error at some point in time. So heres a few goals: -tls 1.1 and 1.2 support (SOLVED) -html5 support (if thats even possible) -ecc support -acid3 support -better speed (really slow on some sites compared to Firefox or anything else, if thats even possible to fix) - other miscellaneous things you think would be helpful So feel free to reply if you know of anything. Thanks! DISCLAIMER: please don't say stuff like, "lol why r u using ie8?" or "just use another browser" or maybe even "ie8 is dangerous because its not supported by Microsoft, use Firefox!" Because you see that ruins the point of my experiment, I already have other browsers, I just want to see what I can do with ie8.
I have previously attempted to use nLite, but with unsatisfactory results because it breaks things and unattended setup never seems to work the way I want it to. I know thousands of people swear by it, so the problem could be me. Anyway, I took the plunge with HFSLIP and the results have exceeded my expectations. I was skeptical about it's ability to slipstream WMP11 and IE8 after reading some comments in forums and articles online, especially as the official HFSLIP website does not inspire confidence in slipstreaming these items. I used these files in the HF folder -wmp11-windowsxp-x86-enu.exe and IE8-WindowsXP-x86-ENU.exe, along with 134 security and hotfix updates, excluding the security updates for IE8 and WMP11. Everything integrated without hitch and once Windows XP Home Edition was installed Automatic Updates provided a list of the security updates needed for these two applications. It seemed unlikely that HFSLIP could integrate their security updates without them being slipstreamed into Windows first, then running HFSLIP a second time on the Sources folder to slipstream their updates. However, I did make a second ISO with IE8, WMP11 and their updates slipstreamed together, and once Windows was installed Windows Update did not indicate that these updates were required. I tried running WMP11 by playing an mpeg, avi and wmv file and everything seemed fine. IE8 appeared to be working OK. The only problem I experienced was UnattendSwitch="Yes" in winnt.sif that is attended to suppress the 'Lets setup Windows XP now' wizard. I found that it produced a number of spurious User sub folders in the Documents and Settings folder. I was particularly surprised at the successful integration of WMP11, because nLite cannot use the Microsoft installer, but requires the WMP11 Slipstreamer to be used first on the source. Similarly, nLite cannot slipstream the Microsoft DX9.0c June 2010 update, but needs a custom addon instead. From my limited experience of HFSLIP I conclude that it is the most powerful and flexible XP/2K/2003 slipstreamer available, and although it presents a steep learning curve for newbies, the time and effort mastering it is worthwhile. OK, where do you make a donation? winnt.sif