NotHereToPlayGames Posted April 20 Share Posted April 20 Guys, sorry for the late arrival. There is a lot of true info in these recent posts, there is also a lot of misleading half-truths. I shall attempt to clear the air, but sometimes that is impossible here at MSFN when people doing the discussing already have preconceived notions (which may result in this being my ONLY reply to these recent posts). I speak solely towards my 360Chrome v13.5.1030 Redux as that is the only version I still use. My other versions "should" be the same in this regard. First, yes, it is "true" that iTrusChina Co.,Ltd. is LISTED in the Trusted Certificates Store - that is not the same thing as saying it is being "used" by 360Chrome. The USE of this certificate is "supposed to be" BROKEN in my builds. Now then, with that said, how do we PROVE that the USE of this cert is BROKEN? You must must must first locate a web site that USES that cert! https://valid-isrgrootx2.letsencrypt.org/ does NOT use that cert - it uses "E1". More importantly, it uses "ECDHE_ECDSA" as the key exchange mechanism - this is not compatible with WinXP and cannot be made compatible with WinXP. My 360Chrome is "secure" for this E1 cert using ECDHE_ECDSA because this is on WINDOWS 10 and not XP! 3 Link to comment Share on other sites More sharing options...
Klemper Posted April 20 Share Posted April 20 4 hours ago, CallCateIn58 said: https://caprogram.360.cn/#trust "360 Browser usually trusts the root certificate trusted by the underlying operating system, but now it will also configure its own root trust store. 360 reserves the right to remove any certificate." I don’t know whether 360EE preferentially uses the root certificate trusted by the operating system or the root certificate trusted by 360. Wow! Interesting, so they confirm it's malware themselves! "360 reserves the right to remove any certificate!" ?!??! Does this updater have a protection mechanism for such malicious actions? Link to comment Share on other sites More sharing options...
Klemper Posted April 20 Share Posted April 20 3 hours ago, NotHereToPlayGames said: First, yes, it is "true" that iTrusChina Co.,Ltd. is LISTED in the Trusted Certificates Store I'm confused, so this cert updater programme stuffs the cert store with China certs? Link to comment Share on other sites More sharing options...
CallCateIn58 Posted April 20 Share Posted April 20 19 minutes ago, Klemper said: Wow! Interesting, so they confirm it's malware themselves! "360 reserves the right to remove any certificate!" ?!??! Does this updater have a protection mechanism for such malicious actions? 360 emphasizes that the certificate removal strategy even includes root certificates trusted by the operating system. Of course, the browser cannot delete the system root certificate but blacklists the certificate itself. Link to comment Share on other sites More sharing options...
CallCateIn58 Posted April 20 Share Posted April 20 6 minutes ago, Klemper said: I'm confused, so this cert updater programme stuffs the cert store with China certs? You mean Microsoft certs is China Certs? Link to comment Share on other sites More sharing options...
Anbima Posted April 20 Share Posted April 20 2 hours ago, NotHereToPlayGames said: My 360Chrome is "secure" for this E1 cert using ECDHE_ECDSA because this is on WINDOWS 10 and not XP! If the problem is XP, why does it work with an older MyPal 28.3? Link to comment Share on other sites More sharing options...
66cats Posted April 20 Share Posted April 20 1 hour ago, Anbima said: why does it work with an older MyPal 28.3? It doesn't for me, though it does work in XP+Supermium. 1 Link to comment Share on other sites More sharing options...
Anbima Posted April 20 Share Posted April 20 Have you updated the root certificates? Link to comment Share on other sites More sharing options...
66cats Posted April 20 Share Posted April 20 14 minutes ago, Anbima said: Have you updated the root certificates? Don't think so, but just updated now. Same results. Link to comment Share on other sites More sharing options...
NotHereToPlayGames Posted April 20 Share Posted April 20 1 hour ago, Anbima said: If the problem is XP, why does it work with an older MyPal 28.3? Mozilla does not use XP's cert store. This thread updates XP's cert store and will not affect any browser's INTERNAL cert store, it will only effect the OS cert store. Two different stores entirely. 2 Link to comment Share on other sites More sharing options...
AstroSkipper Posted April 20 Share Posted April 20 4 minutes ago, NotHereToPlayGames said: Mozilla does not use XP's cert store. This thread updates XP's cert store and will not affect any browser's INTERNAL cert store, it will only effect the OS cert store. Two different stores entirely. Yep! And that's a good example why TLS protocols and certain cipher suites can be used in Windows XP although this OS can't handle them natively. 2 Link to comment Share on other sites More sharing options...
Anbima Posted April 20 Share Posted April 20 20 minutes ago, AstroSkipper said: Yep! And that's a good example why TLS protocols and certain cipher suites can be used in Windows XP although this OS can't handle them natively. Is your ProxHTTPSProxy's made to work again? Link to comment Share on other sites More sharing options...
Anbima Posted April 20 Share Posted April 20 On 4/19/2024 at 12:49 PM, FranceBB said: No problem on Chromium 108.0.5359.125 (Developer Build) (32-bit) on my Windows XP x86: What kind of development is this? Is it stable and fast? Where can I download it? Link to comment Share on other sites More sharing options...
NotHereToPlayGames Posted April 20 Share Posted April 20 On 4/19/2024 at 7:49 AM, FranceBB said: No problem on Chromium 108.0.5359.125 (Developer Build) (32-bit) on my Windows XP x86: We have to assume that you are using One-Core API, correct? 2 Link to comment Share on other sites More sharing options...
AstroSkipper Posted April 20 Share Posted April 20 (edited) 48 minutes ago, Anbima said: Is your ProxHTTPSProxy's made to work again? Here is a llst of all cipher suites and TLS protocols offered by ProxHTTPSProxy's PopMenu TLS 1.3 3V3: Edited April 20 by AstroSkipper 1 Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now