Jump to content

Root Certificates and Revoked Certificates for Windows XP

heinoganda

By heinoganda
in Windows XP

 Share

Recommended Posts

NotHereToPlayGames

NotHereToPlayGames

Posted
Posted

Guys, sorry for the late arrival.

There is a lot of true info in these recent posts, there is also a lot of misleading half-truths.

I shall attempt to clear the air, but sometimes that is impossible here at MSFN when people doing the discussing already have preconceived notions (which may result in this being my ONLY reply to these recent posts).

I speak solely towards my 360Chrome v13.5.1030 Redux as that is the only version I still use.  My other versions "should" be the same in this regard.

 

First, yes, it is "true" that iTrusChina Co.,Ltd. is LISTED in the Trusted Certificates Store - that is not the same thing as saying it is being "used" by 360Chrome.

The USE of this certificate is "supposed to be" BROKEN in my builds.

Now then, with that said, how do we PROVE that the USE of this cert is BROKEN?

You must must must first locate a web site that USES that cert!

https://valid-isrgrootx2.letsencrypt.org/ does NOT use that cert - it uses "E1".

More importantly, it uses "ECDHE_ECDSA" as the key exchange mechanism - this is not compatible with WinXP and cannot be made compatible with WinXP.

My 360Chrome is "secure" for this E1 cert using ECDHE_ECDSA because this is on WINDOWS 10 and not XP!

image.png.9d9f06cad411d4eb3c9c806a7d81b9fe.png

3
Link to comment
Share on other sites

Klemper

Klemper

Posted
Posted
4 hours ago, CallCateIn58 said:

https://caprogram.360.cn/#trust

"360 Browser usually trusts the root certificate trusted by the underlying operating system, but now it will also configure its own root trust store.  360 reserves the right to remove any certificate."

I don’t know whether 360EE preferentially uses the root certificate trusted by the operating system or the root certificate trusted by 360.

 

Windows Server 2003 Enterprise x64 Edition-2024-04-20-19-18-41.png

Wow! Interesting, so they confirm it's malware themselves! "360 reserves the right to remove any certificate!" ?!??!

Does this updater have a protection mechanism for such malicious actions?

Link to comment
Share on other sites
Klemper

Klemper

Posted
Posted
3 hours ago, NotHereToPlayGames said:

First, yes, it is "true" that iTrusChina Co.,Ltd. is LISTED in the Trusted Certificates Store

I'm confused, so this cert updater programme stuffs the cert store with China certs?

Link to comment
Share on other sites
CallCateIn58

CallCateIn58

Posted
Posted
19 minutes ago, Klemper said:

Wow! Interesting, so they confirm it's malware themselves! "360 reserves the right to remove any certificate!" ?!??!

Does this updater have a protection mechanism for such malicious actions?

360 emphasizes that the certificate removal strategy even includes root certificates trusted by the operating system. Of course, the browser cannot delete the system root certificate but blacklists the certificate itself.

Link to comment
Share on other sites
Anbima

Anbima

Posted
Posted
2 hours ago, NotHereToPlayGames said:

My 360Chrome is "secure" for this E1 cert using ECDHE_ECDSA because this is on WINDOWS 10 and not XP!

 

If the problem is XP, why does it work with an older MyPal 28.3?

Link to comment
Share on other sites
NotHereToPlayGames

NotHereToPlayGames

Posted
Posted
1 hour ago, Anbima said:

If the problem is XP, why does it work with an older MyPal 28.3?

Mozilla does not use XP's cert store.

This thread updates XP's cert store and will not affect any browser's INTERNAL cert store, it will only effect the OS cert store.

Two different stores entirely.

2
Link to comment
Share on other sites
AstroSkipper

AstroSkipper

Posted
Posted
4 minutes ago, NotHereToPlayGames said:

Mozilla does not use XP's cert store.

This thread updates XP's cert store and will not affect any browser's INTERNAL cert store, it will only effect the OS cert store.

Two different stores entirely.

Yep! And that's a good example why TLS protocols and certain cipher suites can be used in Windows XP although this OS can't handle them natively.

2
Link to comment
Share on other sites
Anbima

Anbima

Posted
Posted
20 minutes ago, AstroSkipper said:

Yep! And that's a good example why TLS protocols and certain cipher suites can be used in Windows XP although this OS can't handle them natively.

Is your ProxHTTPSProxy's made to work again?

Link to comment
Share on other sites
Anbima

Anbima

Posted
Posted
On 4/19/2024 at 12:49 PM, FranceBB said:

No problem on Chromium 108.0.5359.125 (Developer Build) (32-bit) on my Windows XP x86:

 

What kind of development is this?
Is it stable and fast?
Where can I download it?

Link to comment
Share on other sites
AstroSkipper

AstroSkipper

Posted
Posted (edited)
48 minutes ago, Anbima said:

Is your ProxHTTPSProxy's made to work again?

Here is a llst of all cipher suites and TLS protocols offered by ProxHTTPSProxy's PopMenu TLS 1.3 3V3:

browserleaks-ssl-2022-09-08-15-20-47.png

Edited by AstroSkipper
1
Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...