NotHereToPlayGames Posted April 20, 2024 Posted April 20, 2024 Guys, sorry for the late arrival. There is a lot of true info in these recent posts, there is also a lot of misleading half-truths. I shall attempt to clear the air, but sometimes that is impossible here at MSFN when people doing the discussing already have preconceived notions (which may result in this being my ONLY reply to these recent posts). I speak solely towards my 360Chrome v13.5.1030 Redux as that is the only version I still use. My other versions "should" be the same in this regard. First, yes, it is "true" that iTrusChina Co.,Ltd. is LISTED in the Trusted Certificates Store - that is not the same thing as saying it is being "used" by 360Chrome. The USE of this certificate is "supposed to be" BROKEN in my builds. Now then, with that said, how do we PROVE that the USE of this cert is BROKEN? You must must must first locate a web site that USES that cert! https://valid-isrgrootx2.letsencrypt.org/ does NOT use that cert - it uses "E1". More importantly, it uses "ECDHE_ECDSA" as the key exchange mechanism - this is not compatible with WinXP and cannot be made compatible with WinXP. My 360Chrome is "secure" for this E1 cert using ECDHE_ECDSA because this is on WINDOWS 10 and not XP! 2
Klemper Posted April 20, 2024 Posted April 20, 2024 4 hours ago, CallCateIn58 said: https://caprogram.360.cn/#trust "360 Browser usually trusts the root certificate trusted by the underlying operating system, but now it will also configure its own root trust store. 360 reserves the right to remove any certificate." I don’t know whether 360EE preferentially uses the root certificate trusted by the operating system or the root certificate trusted by 360. Wow! Interesting, so they confirm it's malware themselves! "360 reserves the right to remove any certificate!" ?!??! Does this updater have a protection mechanism for such malicious actions?
Klemper Posted April 20, 2024 Posted April 20, 2024 3 hours ago, NotHereToPlayGames said: First, yes, it is "true" that iTrusChina Co.,Ltd. is LISTED in the Trusted Certificates Store I'm confused, so this cert updater programme stuffs the cert store with China certs?
CallCateIn58 Posted April 20, 2024 Posted April 20, 2024 19 minutes ago, Klemper said: Wow! Interesting, so they confirm it's malware themselves! "360 reserves the right to remove any certificate!" ?!??! Does this updater have a protection mechanism for such malicious actions? 360 emphasizes that the certificate removal strategy even includes root certificates trusted by the operating system. Of course, the browser cannot delete the system root certificate but blacklists the certificate itself.
CallCateIn58 Posted April 20, 2024 Posted April 20, 2024 6 minutes ago, Klemper said: I'm confused, so this cert updater programme stuffs the cert store with China certs? You mean Microsoft certs is China Certs?
Anbima Posted April 20, 2024 Posted April 20, 2024 2 hours ago, NotHereToPlayGames said: My 360Chrome is "secure" for this E1 cert using ECDHE_ECDSA because this is on WINDOWS 10 and not XP! If the problem is XP, why does it work with an older MyPal 28.3?
66cats Posted April 20, 2024 Posted April 20, 2024 1 hour ago, Anbima said: why does it work with an older MyPal 28.3? It doesn't for me, though it does work in XP+Supermium. 1
66cats Posted April 20, 2024 Posted April 20, 2024 14 minutes ago, Anbima said: Have you updated the root certificates? Don't think so, but just updated now. Same results.
NotHereToPlayGames Posted April 20, 2024 Posted April 20, 2024 1 hour ago, Anbima said: If the problem is XP, why does it work with an older MyPal 28.3? Mozilla does not use XP's cert store. This thread updates XP's cert store and will not affect any browser's INTERNAL cert store, it will only effect the OS cert store. Two different stores entirely. 2
AstroSkipper Posted April 20, 2024 Posted April 20, 2024 4 minutes ago, NotHereToPlayGames said: Mozilla does not use XP's cert store. This thread updates XP's cert store and will not affect any browser's INTERNAL cert store, it will only effect the OS cert store. Two different stores entirely. Yep! And that's a good example why TLS protocols and certain cipher suites can be used in Windows XP although this OS can't handle them natively. 2
Anbima Posted April 20, 2024 Posted April 20, 2024 20 minutes ago, AstroSkipper said: Yep! And that's a good example why TLS protocols and certain cipher suites can be used in Windows XP although this OS can't handle them natively. Is your ProxHTTPSProxy's made to work again?
Anbima Posted April 20, 2024 Posted April 20, 2024 On 4/19/2024 at 12:49 PM, FranceBB said: No problem on Chromium 108.0.5359.125 (Developer Build) (32-bit) on my Windows XP x86: What kind of development is this? Is it stable and fast? Where can I download it?
NotHereToPlayGames Posted April 20, 2024 Posted April 20, 2024 On 4/19/2024 at 7:49 AM, FranceBB said: No problem on Chromium 108.0.5359.125 (Developer Build) (32-bit) on my Windows XP x86: We have to assume that you are using One-Core API, correct? 2
AstroSkipper Posted April 20, 2024 Posted April 20, 2024 (edited) 48 minutes ago, Anbima said: Is your ProxHTTPSProxy's made to work again? Here is a llst of all cipher suites and TLS protocols offered by ProxHTTPSProxy's PopMenu TLS 1.3 3V3: Edited April 20, 2024 by AstroSkipper 1
Recommended Posts
Please sign in to comment
You will be able to leave a comment after signing in
Sign In Now