Jump to content

RetroZilla: An updated version of Mozilla for Windows 95 and NT4 [2.2 RELEASED]


Recommended Posts

I'm getting this protocol error again: Firefox can't connect securely to (...).storage.googleapis.com because the site uses a security protocol which isin't enabled. This is with Roytam's 5/4/2018 firefox with DLL's copied from Retrozilla 2.2 (2/23/2019). As mentioned just above, I had seemingly fixed this error by copying all files from root of Retrozilla folder to the Firefox folder, copying over all DLL's with the same name. This allowed the content from the above URL to be displayed.

Just this morning I'm seeing this same error again. I have no googleapis cookies, I've cleared the firefox cache, and my system time and date clock are correct. I can copy the link to the offending googleapis file (its a jpeg) to Opera 12.02 and it is rendered just fine. It is also rendered just fine on Netscape Navigator 9.0.0.6.

With netscape 7.2, I first get a "website certified by unknown authority" which according to Details is Google Internet Authority G3. I can accept the certificate, which I do, and then I get this error: Netscape 7.2 and (...).storage.googleapis.com cannot communicate securely because they have no common encryption algorythms.

Retrozilla 2.2 can display the image with no protocol issues. I had both Retrozilla 2.2 and Roytam firefox (with retrozilla DLL's) side-by-side while viewing https://www.ssllabs.com/ssltest/viewMyClient.html and they seem identical. Opera 12.02 has a much shorter list of Cipher Suites, but all the ones it is is showing are also showing on Firefox. But Opera is supporting "OCSP stapling" and Firefox is not (neither is retrozilla).

Any ideas how to get to the bottom of this? Are security protocols and ciphers negotiated based on browser user-agent?

 

Edit:  And today, looking at the same website that has all these storage.googleapis jpg files on it's site, everything is working fine again.   What is going on with this?

Edited by Nomen
Link to comment
Share on other sites

  • 2 weeks later...

I am far from sure but even after running certain programing CometBird 9 can be short of available memory. I need to reboot to reinstate resources. I think CometBird 9 must just work.

Just like to add this was a rarity & it does not happen anymore. It was due to experimenting with new programs I think.

Edited by Goodmaneuver
Link to comment
Share on other sites

  • 3 months later...

To anyone who may read this post, Retrozilla does support AES-GCM cipher suites, but you need to enable them through about:config. search "security.ssl3" then create a new Boolean "security.ssl3.ecdhe_ecdsa_aes_128_gcm_sha256" and "security.ssl3.ecdhe_rsa_aes_128_gcm_sha256". Retrozilla works very well, and I'm excited for the next version (especially a 3.0 release).

Edited by ClassicNick
correcting the position of "128", and "gcm"
Link to comment
Share on other sites

  • 1 month later...
On 12/2/2019 at 10:10 AM, ClassicNick said:

To anyone who may read this post, Retrozilla does support AES-GCM cipher suites, but you need to enable them through about:config. search "security.ssl3" then create a new Boolean "security.ssl3.ecdhe_ecdsa_aes_128_gcm_sha256" and "security.ssl3.ecdhe_rsa_aes_128_gcm_sha256". Retrozilla works very well, and I'm excited for the next version (especially a 3.0 release).

a pull request about enabling aes128-gcm-sha256 in pref has been created. https://github.com/rn10950/RetroZilla/pull/40

and also NSS code changes for support SHA384 have their own pull request: https://github.com/rn10950/RetroZilla/pull/38

Link to comment
Share on other sites

Thank-you roytam1 and rn10950 for your good work. After extensive testing there is no doubt RetroZilla is the most capable browser for vanilla Windows 98 at this time. Hopefully there will be a new build in the not so distant future.

Please consider the additional cipher information link if a new build is planned. Developers are welcome to incorporate all or parts of the RetroZilla Search Engine Collection into new builds. Both the RetroZilla Extensions Collection and NoScript extension links contain extensions tested to work well in RetroZilla v2.2, should rn10950 populate the proposed repository at https://rn10950.github.io/RetroZillaWeb/extensions.html.

Additional cipher information:
https://msfn.org/board/topic/177106-running-vanilla-windows-98-in-2020/page/15/?tab=comments#comment-1174993

RetroZilla Search Engine Collection:
https://msfn.org/board/topic/177106-running-vanilla-windows-98-in-2020/page/15/?tab=comments#comment-1175158

RetroZilla Extensions Collection:
https://msfn.org/board/topic/177106-running-vanilla-windows-98-in-2020/page/16/?tab=comments#comment-1175386

RetroZilla NoScript extension:
https://msfn.org/board/topic/177106-running-vanilla-windows-98-in-2020/page/15/?tab=comments#comment-1174709

Link to comment
Share on other sites

  • 2 weeks later...

As a Christmas day gift (Update on April 1st?), RoyTam1 released a K-Meleon 1.5.4 build with TLS 1.2 support. At the end of Page 43, we were notified of "SHA 384 update", which means ECDHE_RSA_AES_256_GCM_SHA384 support. The AES GCM cipher suites are enabled by default in this build. For Windows 95/98, an updated "COMCTL32.DLL" from Internet Explorer 5 or later is required (This is step is not required for Windows 98 SE or newer). Once you have that installed, you need at least the "MSVCR71.DLL" and possibly the "MSVCP71.DLL" file in the directory RoyTam1's K-Meleon resides in. The way I recommend copying the files is to install K-Meleon 1.5.4 from the executable file (7zip version will not work).

Link to comment
Share on other sites

ClassicNick said:
> As a Christmas day gift (Update on April 1st?), RoyTam1 released a K-Meleon 1.5.4 build with TLS 1.2 support

Attention NOT portable Profiles!
The build itself is great, with TLS1.2 to get rid of most "no cipher_overlap" errors, just a little warning:
7z builds of KM used to be portable out-of-box, yet this one is NOT.
The switch-file "profile.ini" (can be empty) is missing in the root folder.
That means if you already have an older KM-profile in your systems, from whichever (younger?) KM-version, this build will snatch it and possibly modify it.
Strongly recommend to make a backup copy of your previous KM-profiles before starting this.
Or better, modify it to always start with the ProfileManager.

Link to comment
Share on other sites

On 1/20/2020 at 6:56 AM, siria said:

ClassicNick said:
> As a Christmas day gift (Update on April 1st?), RoyTam1 released a K-Meleon 1.5.4 build with TLS 1.2 support

Attention NOT portable Profiles!
The build itself is great, with TLS1.2 to get rid of most "no cipher_overlap" errors, just a little warning:
7z builds of KM used to be portable out-of-box, yet this one is NOT.
The switch-file "profile.ini" (can be empty) is missing in the root folder.
That means if you already have an older KM-profile in your systems, from whichever (younger?) KM-version, this build will snatch it and possibly modify it.
Strongly recommend to make a backup copy of your previous KM-profiles before starting this.
Or better, modify it to always start with the ProfileManager.

Thanks for the heads up.

Link to comment
Share on other sites

  • 2 weeks later...

roytam1 said:
> another update for having ChaCha20-Poly1305 encryption support, also fixed Font selection in NT 3.51:
> http://rtfreesoft.blogspot.com/2020/01/other-browser-binaries-20190131.html

> Various browsers updated having TLS 1.2, AES256-GCM-SHA384,
> ChaCha20-Poly1305, AES[128|256]-GC-SHA256 support:

Fantastic! So this mean that ALL those browsers got this update, on 20190131? Great!
If yes, readers will need a clear hint that this new date also means those 2 builds, that they just have a wrong date in filenames:
http://o.rths.ml/gpc/files1.rt/KM74-g22-20180718.win2000.7z
http://o.rths.ml/gpc/files1.rt/palemoon-26.5.0-20180718.win2000.7z

2019?? No wait, it's 2020...
Would really be great to have that post findable by a web SEARCH too. For stuff like... "Win2000, Win9x browsers with TLS 1.2"....? And the post could also give a hint to those people who really need such builds, but are no experts, that the main purpose is to allow access again to lots of blocked sites, which otherwise show in old browsers only the infamous killer errors "secure connection failed" or "ssl_error_no_cypher_overlap" or "security protocol which isn't enabled" or "unable to complete secure transaction" etc... again, for Google hits too.
Of course, the min OS version for the various builds is also crucial for people really needing such browsers. OS-versions could also be added as search tags...

Ah, sorry, and while at it, KMz154 is still missing the empty file "profile.ini" in the root folder!
Just a simple text file which makes KM run in portable mode (=profiles inside). This is a huge prob, otherwise at first run it will mess already existing younger profiles (if existing). Traditionally all KM 7z builds used to be portable.

Edited by siria
Link to comment
Share on other sites

4 hours ago, siria said:

Ah, sorry, and while at it, KMz154 is still missing the empty file "profile.ini" in the root folder!
Just a simple text file which makes KM run in portable mode (=profiles inside). This is a huge prob, otherwise at first run it will mess already existing younger profiles (if existing). Traditionally all KM 7z builds used to be portable

because original zip file doesn't contain it

Link to comment
Share on other sites

> because original zip file doesn't contain it

Okay, after checking the official download page and looking inside the packages, it actually seems the tradition of 7z being by default portable builds started only with KM1.6.
But still, that's no reason to never improve it, considering it may be problematic for user profiles, and no one is aware before it's too late.
Your KG74 + KG76 builds contain that switcher file too, and the official old KM74.7z too, and just about all other 7z since KM1.6

Edited by siria
Link to comment
Share on other sites

Don't mean to sidetrack but felt compelled. Developers can do what they want and i am thankful for your work roytam1. Everything is configurable but to me siria has a point. Not everyone has unlimited time or ninja search skills to figure out what works, sometimes things should just work. Similarly with new RZ releases, if the necessary cipher configs aren't defaulted in the build, the user installs a browser that doesn't connect. Same thing with broken default search engines. Just my opinion, thanks for everyone's hard work on this forum to keep the software relevant.

Link to comment
Share on other sites

3 hours ago, Wunderbar98 said:

Not everyone has unlimited time or ninja search skills to figure out what works, sometimes things should just work.

Agreed! :yes: For those users there's the latest iPhone. For the other users who need video tutorials spoon-feeding them in baby steps, the latest iPhone is also a good bet. :whistle: Now, for those who love to experiment and find out things for themselves, for those who are game for reinstalling a zillion times with minor variations, all the while taking accurate notes and making reliable, know-to-be-good, image backups, well... for those, a retro OS like 9x/ME or OS/2 or even DOS can be an enjoyable hobby or even a day-to-day (more difficult nowadays) general-use OS. :yes:

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...