PROBLEMCHYLD
Posted August 12, 2015 (edited)

I have found a gem for Windows 9x that allows us to connect to (Servers) that require SSL Authentication. I pursued this endeavor because of the annoying pop-up in Outlook Express:

"The server you are connected to is using a security certificate that could not be verified. 0x80096004 Do you want to continue using this server? (yes)(no)"

I have created an Unofficial installer with all of the necessary files. The tool allowed me to connect to Outlook with no errors whatsoever. I thought I would share it with you guys. Some of you can go back to using your classic/favorite apps in the meantime that require SSL Authentication.

Here are the links if you want to do everything manually.

1. Original site with the latest version and source code. https://web.archive.org/web/20031003172432/http://pftp.suxx.sk/winsslwrap/
2. You're gonna need blackwingcat's openssl files http://blog.livedoor.jp/blackwingcat/archives/1591502.html
3. A reference webpage that I found that got me started http://oifan.xf.cz/WinSSLWrap/doc/winsslwrapHOW-TO.html

Take a close look at the image. I have added the SSL port numbers in the preset file. The installer creates a shortcut in the startup folder, so it runs in the background, as it should. As you can see, Google shook my hand and acknowledged the SSL. The installer does most of the work, but users need to configure each app to use localhost, which is present in the screenshot. Please let me know if I have missed any ports or if I have any of them wrong.

Virus Scanners might flag, but I'm pretty trustworthy and have no intentions of messing up any computers. USE AT YOUR OWN RISK!

All credit goes to Eric Young for the delightful app and blackwingcat for the patched openssl files. Enjoy.

Download here http://www.htasoft.com/u98sesp/download98ssl.php

It's back to my cave.

P.S. Users need to log off and then log in after installation.

Edited November 3, 2019 by PROBLEMCHYLD

PROBLEMCHYLD (Author)
Posted August 14, 2015

"Great work! It works for any server?"

I have only tried SSL Authentication with Outlook Express. I don't know about other apps because I don't get pop-ups. I will gradually post screenshots and instructions on how to configure some software. We all use different programs, so each configuration is going to be different.

PROBLEMCHYLD (Author)
Posted August 17, 2015

"It works for any server?"

I was able to connect to my FTPS server using classic versions of WS_FTP LE 5.08 and 6.0. They both worked with no problems. So it's safe to say as long as you configure the app that requires SSL Authentication correctly, you shouldn't have any problems.

Mathwiz
Posted August 18, 2015

Very useful. Thanks.

BTW, I've used a similar product called "stunnel" on Windows XP. This app does the same thing, and is easier to set up (stunnel required manually editing a configuration file, but this one can be configured right from the GUI). It uses a current version of the well-regarded OpenSSL platform (specifically, 1.0.1p) so it'll support all the latest SSL and TLS protocols and features.

It could use a little more explanation, but it's not hard. For those who are lost: first, start the program. It's installed in "C:\Program Files\SSL Protocol" and is named wrap.exe. You'll probably want a shortcut to wrap.exe in the Startup folder of your start menu so it starts every time you boot up. Once it's running you'll see a "WIN SSL" icon in your system tray.

Next, say you want to set up secure email on a client such as Outlook Express. Set up an account on OE with "localhost" as the server names for POP, IMAP, and/or SMTP (whichever protocols you want to secure). Tell OE the connections to "localhost" are not secure. Then click the "WIN SSL" icon in the system tray, click "Services," put the real server names in the corresponding protocols (and if you use gmail, they're already filled in for you), click OK, then minimize (don't close) the window.

Now OE will connect to wrap.exe, which listens on localhost, and wrap.exe will make the secure connections to the actual server(s), avoiding the problems of Win98's schannel.dll not supporting new certificates and protocols.

Secure email is the most obvious app, but you can use it with other TCP/IP protocols too. I used it to secure a Telnet connection and it works fine.

Its only weakness is HTTP (e.g., web browsing). With email, you usually have only one server per protocol to secure, but with HTTP, there are millions (billions?). Luckily, for straight browsing, there are good alternatives to IE6, so a program like this isn't needed. But if you're using Outlook or OE, Win98 is still using IE6 to open linked images and the like, so email will work but you may see a lot of blank image boxes in some of your emails.

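Added example, not part of any post in this thread and not WinSSLWrap's code: a minimal Python sketch of the same arrangement, a plaintext listener on localhost that opens a TLS connection to the real server. Because the mail client no longer sees the server certificate, this sketch verifies the chain and host name itself and drops the client if the handshake fails; the local port 1110 and the host `pop.gmail.com:995` are assumed values.

```python
import select, socket, ssl, threading

def upstream_context():
    # The mail client no longer sees the server certificate, so the wrapper
    # must check it: default context = trusted chain + matching host name.
    ctx = ssl.create_default_context()
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx

def relay(a, b):
    # Copy bytes both ways until one side closes.
    while True:
        readable, _, _ = select.select([a, b], [], [])
        for s in readable:
            data = s.recv(16384)  # one full TLS record at most
            if not data:
                return
            (b if s is a else a).sendall(data)

def handle(client, host, port, ctx):
    # Fail closed: if the connection or handshake fails, the local client
    # is dropped without any plaintext fallback.
    try:
        with client, socket.create_connection((host, port), timeout=15) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                tls.settimeout(None)
                relay(client, tls)
    except OSError as exc:  # ssl.SSLError is a subclass of OSError
        print(f"{host}:{port} closed: {exc}")

def serve(local_port, host, port, ctx=None):
    """Listen on loopback only; return the port actually bound."""
    ctx = ctx or upstream_context()
    srv = socket.create_server(("127.0.0.1", local_port))
    def accept_loop():
        while True:
            client, _ = srv.accept()
            threading.Thread(target=handle, args=(client, host, port, ctx),
                             daemon=True).start()
    threading.Thread(target=accept_loop, daemon=True).start()
    return srv.getsockname()[1]

if __name__ == "__main__":
    # Assumed values: local port 1110, Gmail's POP3-over-TLS endpoint.
    serve(1110, "pop.gmail.com", 995)
    threading.Event().wait()
```

Binding to 127.0.0.1 rather than all interfaces keeps the unencrypted side of the connection on the local machine.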
PROBLEMCHYLD (Author)
Posted August 18, 2015 (edited)

Thanks Mathwiz. I have plans to post configurations and screenshots for some of the software I use. I also added to the first post: the installer already creates a shortcut in the startup folder; users need to either start it manually or log off and log back in.

Did you use the default TNET=TELNET SSL in the preset or did you create another? Also users need to remember, apps that use firewalls or proxies etc. need a more surgical approach.

Thanks for the help on instructions, it took me a hot minute to figure some things out because the original instructions are very vague. You would think it's simple (of course to us geeks), but newbies will definitely have some issues.

Another thing I noticed, it works somewhat like a firewall. If configurations are wrong, you will not get a connection to whatever server you try to connect to. Are all the ports correct in the preset?

The installer should work on Win95, Win98 FE and WinME.

Edited August 18, 2015 by PROBLEMCHYLD

Mathwiz
Posted August 18, 2015

I used the default for Telnet; just entered the host name. For my application (an IBM AS/400) I had to add a couple more forwards (insecure port 8470 to secure port 9470, and the same for 8476 / 9476). But that's specific to the AS/400 and its Telnet client software. A generic Telnet application wouldn't need those extra forwards.

All the presets looked correct. The HTTP preset is probably unnecessary for most users. It might come in handy for securing a connection to an HTTP proxy, although in that case the port numbers might not be the default. But I'd think anyone using a secure HTTP proxy would know what port to use.

PROBLEMCHYLD (Author)
Posted August 18, 2015

Thanks again. Did you figure out how to use the KEYGEN.BAT? This is the original name from WinSSL and it creates .pem files. I really don't know how to use it. I guess we'll figure it out eventually.

Mathwiz
Posted August 19, 2015 (edited)

I haven't looked at keygen.bat yet, but from the sound of it, I'd guess it's used to generate private/public key pairs. (OpenSSL.org is revamping their site and their docs are temporarily screwed up, so I can't tell much more at the moment.) I'll take a closer look tonight and reply back, but if I'm right, you probably only need it to create your own certificates, for one of two purposes:

- Client certificates (to be used instead of a user ID & password to identify yourself to a server)
- If you're running your own server and want to secure it with SSL (using wrap.exe in reverse of how you and I are using it)

Edit: I was right. It uses OpenSSL to generate a private/public key pair. Technically, it generates a 2048-bit RSA key, which is the de facto standard for SSL certificates today. The public key is included in a certificate that is set to expire after one year. OpenSSL will prompt you for identifying info for the certificate. The batch file then combines the certificate and private key into a .pem file, presumably for use with wrap.exe. (Since the .pem file contains your private key, you should not give it to anyone else.) End of Edit.

So most folks probably don't need to worry about it.

BTW, here's a definition I found here for the .pem file format:

".pem: Defined in RFC's 1421 through 1424, this is a container format that may include just the public certificate (such as with Apache installs, and CA certificate files /etc/ssl/certs), or may include an entire certificate chain including public key, private key, and root certificates. The name is from Privacy Enhanced Email, a failed method for secure email but the container format it used lives on, and is a base64 translation of the x509 ASN.1 keys."

Also of note, from the same page:

".der: A way to encode ASN.1 syntax in binary, a .pem file is just a Base64 encoded .der file. OpenSSL can convert these to .pem (openssl x509 -inform der -in to-convert.der -out converted.pem). Windows sees these as Certificate files. By default, Windows will export certificates as .DER formatted files with a different extension. Like...

.cert .cer .crt: A .pem (or rarely .der) formatted file with a different extension, one that is recognized by Windows Explorer as a certificate, which .pem is not."

Edited August 20, 2015 by Mathwiz

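Added example, not part of any post in this thread: a Python sketch that takes a combined .pem of the kind described above (certificate plus private key), decodes each Base64 block back to its DER bytes, flags whether a private key is present, and writes out only the shareable part. The two byte strings are constructed placeholders, not real ASN.1 data, and all function names are this example's own.

```python
import base64, hashlib, re

PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\s*(.*?)\s*-----END \1-----", re.S)

def pem_blocks(text):
    """Return [(label, der_bytes)] for every armored block in a .pem file."""
    return [(label, base64.b64decode("".join(body.split())))
            for label, body in PEM_BLOCK.findall(text)]

def der_to_pem(der, label="CERTIFICATE"):
    """Base64-encode DER bytes and wrap them at 64 columns with PEM armor."""
    b64 = base64.b64encode(der).decode("ascii")
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return (f"-----BEGIN {label}-----\n" + "\n".join(lines)
            + f"\n-----END {label}-----\n")

def is_private(label):
    # Covers "PRIVATE KEY", "RSA PRIVATE KEY", "ENCRYPTED PRIVATE KEY", ...
    return label.endswith("PRIVATE KEY")

def audit(text):
    """Return (per-block summary, True if the file holds a private key)."""
    blocks = pem_blocks(text)
    summary = [(label, len(der), hashlib.sha256(der).hexdigest()[:16])
               for label, der in blocks]
    return summary, any(is_private(label) for label, _ in blocks)

def public_part(text):
    """Re-emit the bundle without its private-key blocks."""
    return "".join(der_to_pem(der, label)
                   for label, der in pem_blocks(text) if not is_private(label))

# Constructed placeholder bytes standing in for DER content.
FAKE_CERT = bytes(range(200))
FAKE_KEY = b"\x30\x82" + bytes(100)
BUNDLE = der_to_pem(FAKE_CERT) + der_to_pem(FAKE_KEY, "RSA PRIVATE KEY")

if __name__ == "__main__":
    summary, has_key = audit(BUNDLE)
    for label, size, digest in summary:
        print(f"{label:20} {size:5} bytes  sha256={digest}")
    print("contains private key:", has_key)
    print(public_part(BUNDLE), end="")
```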
PROBLEMCHYLD (Author)
Posted August 20, 2015 (edited)

Follow the tabs in the screenshots. SE=Self-Explanatory

Replace the names in the shots with your actual information. As you can see, servers are localhost. That's it, that's all. This is how to get Outlook running. As I said before, each app will be configured differently depending on the features. Since the presets are correct, users only need to set Remote Host in WinSSL and set server to localhost in the application.

To sum it up:

1. Make sure WinSSL is running in the background.
2. Set Remote Host to whatever server you are trying to connect to for that specific protocol. Use the screenshot examples.
3. Set the apps you plan to use to localhost if it has a server option. After that, make sure all encryption is unchecked in the app.

Edited August 21, 2015 by PROBLEMCHYLD

Nomen
Posted August 22, 2015

I make extensive (even insane) use of my HOSTS file to block contact with any host that I figure my win-98 computer doesn't need to talk to. I add entries based on what I see when I examine web-page code and also what my router shows in the out-going contact logs. Some of these entries probably make browsing on some sites difficult or impossible (it's hard to know which entries are responsible) but if FF2 can't perform then Opera 12.02 frequently can.

In an effort to see if I can serve up some of the frequently accessed files locally, I installed Abyss Web Server free version, in which you must choose either http or https service (I chose https). So it serves up quite a lot of .js files that I've retrieved manually and placed in the local web-server directory (214 files at last count, 90 of them being .js files, 22 of them .css files, etc). Various jquery.js files being the most common. I examine these .js files (expand them when necessary and store them that way) and look for references to other hosts and mung them for the fun of it.

I mention all this because one of the things that Abyss has is this:

The host that is shown in that example (apis.google.com) is currently rem'd out in my hosts file. It will serve up TLS/SSL ciphers on port 443 for any hosts that I have in my HOSTS file. Here is the Abyss help-page for these functions: http://www.aprelium.com/data/doc/2/abyssws-win-doc-html/ssl.html

I don't know if any of this would help Outlook when contacting a mail host (like gmail) as a way to get around SSL or Certificate errors during login... ?

PROBLEMCHYLD (Author)
Posted August 22, 2015 (edited)

"I make extensive (even insane) use of my HOSTS file to block contact with any host that I figure my win-98 computer doesn't need to talk to."

I think you must have HOSTS and localhost confused. WINSSL has nothing to do with HOSTS files, it simply shakes hands with a server that has SSL encryption and allows Win98 to connect. That's it, that's all. There is a batch file that creates .pem certs. I guess they could be equivalent to each other.

Edited August 22, 2015 by PROBLEMCHYLD

Tommy
Posted August 23, 2015

Just tried this out, works PERFECTLY! No more nagging popup which really wasn't the worst thing in the universe, but it's nice that it's gone now.

jimmsta
Posted August 24, 2015

Thanks for continuing to contribute to this community, and old operating system. This is an excellent workaround to the connection problems that left me scratching my head.

Mathwiz
Posted August 25, 2015

"I make extensive (even insane) use of my HOSTS file to block contact with any host that I figure my win-98 computer doesn't need to talk to."

"I think you must have HOSTS and localhost confused. WINSSL has nothing to do with HOSTS files, it simply shakes hands with a server that has SSL encryption and allows Win98 to connect. That's it, that's all. There is a batch file that creates .pem certs. I guess they could be equivalent to each other."

It isn't totally obvious what Nomen is doing, but my guess is he's using a trick I also use: putting the IP address of localhost (127.0.0.1) into my HOSTS file for web sites I don't want to connect to (e.g., banner advertising sites). This can speed up browsing because instead of wasting time downloading ads you didn't want to look at anyway, your browser just tries to download the ad from your own PC.

A problem with this trick is that where the ad was supposed to appear, you get an ugly rectangular box with no image to fill it. To get around this, I use a "local only" web server on my PC that feeds small "dummy" images to fill those boxes. However, this only works with blocked http: sites, not https: ones.

I thought about using WinSSLWrap for the blocked https: sites. My idea was to use it in reverse, letting it listen on port 443 using SSL, and connect to my local web server on port 80. But then I realized it wouldn't work: it would always serve the same certificate, no matter which site the browser was trying to access, and that would trigger the browser's "site name mismatch" warning.