Jump to content

Do some websites out-right block connections from IE6 browser?


Nomen

Recommended Posts

The only explanation is that some websites are dependent on SHA 2 and others aren't. From a compatibility perspective it seems silly to require this, why wouldn't the site employ graceful degredation otherwise?

Apparently my school's website isn't dependent on SHA 2 because it loads without issues under Windows 98 and Internet Explorer 5.0.

ie5dom.jpg

Link to comment
Share on other sites


One thing y'all may have forgotten: many https: sites have blocked SSL 3.0 connections since the POODLE attack was discovered. By default IE6 only supports SSL 2.0 and 3.0. You need to go to "Internet Options / Advanced," scroll down to the "Security" section, and check the "Use TLS 1.0" box to work with these sites. While you're there you should probably also uncheck "Use SSL 2.0" and "Use SSL 3.0" since there are exploits known for both of those protocols.

 

It's not a bad idea to do the same thing with other browsers. The details vary from one browser to the next, but the basic idea is the same.

Link to comment
Share on other sites

  • 1 month later...

@loblo: Try adding this to the registry (it's the good old IE9 spoof):

 

REGEDIT4[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent][-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform][-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent][-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform][-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent][-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform][-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform][-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform][HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent]@=""[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform]@=""[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent]@=""[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]@=""[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent]@="""Version"="MSIE 9.0""Platform"="Windows NT 5.1; en-US"[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform]@=""[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent]@=""[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]@=""

Then reboot. Afterwards verify this site and/or this site identiefies your browser as IE9. Then let's see how google and yahoo! react to your browser (AFAIK, trying to spoof IE7 or IE8 is not useful anymore, nowadays).

 

In the Windows Registry entry quoted above there is a small error. Using the color red, I've highlighted the fragment which I think is unnecessary - because the following is repeated twice:

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]

Edited by egrabrych
Link to comment
Share on other sites

In the Windows Registry entry quoted above there is a small error. Using the color red, I've highlighted the fragment which I think is unnecessary - because the following is repeated twice:

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]

Sure! Thanks for the heads up! :thumbup

The correct entries for lines 7 and 8 should be:

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]

That is: the "Post Platform" shouldn't be present in line 7, only in line 8.

Link to comment
Share on other sites

I'm all for blocking IE totally

did it in past for all lesser than v9

 

but today some pages are so freaking retarded that if you have for example 1 version less of firefox

for example if latest is 35 and you have 34, they automaticly block you out until you "upgrade"

 

I mean c'mon idiots...

who writes such scripts...

Link to comment
Share on other sites

Just to briefly mention about the IE 9 spoof provided by dencorso and the fact that he uses it with XPSP3 ... just caught this today. I have IE 8 on the computer for XP ... I was concerned that the registry change might mess up using the MS Update request under Tools ... I still run it every month and only get MS Office 2007 updates these days.

 

I installed the IE9 Spoof and then ran the Update tool and everything seemed to work OK ... the same as it did before I installed the IE9 Spoof. I never use IE anymore, just for the updates. I use K-Meleon and Pale Moon (Atom/XP) mostly.

 

Thought I would mention this for anyone else thinking about MS Updates.

...

Link to comment
Share on other sites

  • 1 month later...

I installed opera 8.5 and 9.02 today for some tests.

Opera 9.02 still works normally on https sites, but 8.5X branch does not work anymore.

8.5 supports already TLS 1.1 and in some cases it has already the right certificate.

For example https://www.wikipedia.orguse now the Global sign root CA (TLS v1.0 128 bit AES (2048 bit DHE_RSA/SHA)).

Opera 8.5 supports it natively, but every attempt fails now (Unable to complete secure transaction - fatal error 554).

I don't understand it.

p.s. Sorry, i forgot... Both (8.5 and 9) seem to have the same certificates included.

Edited by Commodore
Link to comment
Share on other sites

I take the opportunity for a test with IE7 on xp sp3.
IE7 no more works as well as for opera 8.5.

At this point, i believe that the sha2 compatibility is no more sufficient to explain the blocks

Ah, i also tried old firefox 2 (no tls 1.1 capablity) Well... it loads every page. For example https://www.howsmyssl.com/s/about.html that instead require tls 1.1 protocol! (TLS v1.1 128 bit ARC4 (2048 bit RSA/SHA))
Likewise Opera 9.02 works... but Opera 8.5 doesn't work: Secure connection: fatal error (70). Handshake failed because the server does not want to accept the enabled SSL/TLS protocol versions

Link to comment
Share on other sites

On a related note, I recently set up a Vista computer for someone. IE7 does not work to even view the page to download Microsoft Security Essentials. It gives an operation cancelled message. In order to view that page you have to use Firefox or another browser.

You also need another browser to update the IE version on Vista x86 as anytime you try to use IE to get it, you will be directed to download the x64 version.

Link to comment
Share on other sites

Just adding my 2 cents into this.  I found the same thing out a few years ago with IE6.  One day I just simply got the same message from Google and Yahoo.  Figured that was the day they stopped supporting IE6.  On other web pages I would get a message like "Upgrade your browser to a newer version" which always made me laugh since on 98/ME IE6 is as far as you can go.  So I thought that was stupid of them since they could have also queried the registry to find out the version of the operating system and realize that I could not update to a newer version and offer some kind of different message.  I have a triple boot system with 98/ME/XP and just this past spring the same thing started happening with IE8 on XP.  So IE8 is now in the same boat as IE6.  Fortunately I have FireFox in all 3 systems and can still access any website that way from any of my OS's.  However Firefox does not have the seamless interaction between Windows Media Player or Outlook Express that Internet Explorer does.  Also Firefox does not offer a "Save Target As" option when you right click on something you want to download like IE does.  Really like that option in IE.  It's a trade-off.  And thanks for the additional info on tweaks.  I'll try it and see.

Link to comment
Share on other sites

I have to thank sdfox7 for that Active Scripting tip, I got here without having to press stop script once! I have Firexfox 8.0.1 and Opera 11.64, but my lowly PII 333 takes a little while to start those up, they use more memory, and I mostly use the browser to get files and customizations for Win98. IE6 SP1 is much faster and less of a pain to use now!

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...