Anbima Posted April 20 Share Posted April 20 6 minutes ago, AstroSkipper said: Here is a llst of all cipher suites and TLS protocols offered by ProxHTTPSProxy's PopMenu TLS 1.3 3V3: Unfortunately the picture is too small, so I can't read it. And that would make it work again? Is there a short guide on how to install it? Everything on your site is almost too detailed. Link to comment Share on other sites More sharing options...
Anbima Posted April 20 Share Posted April 20 5 hours ago, NotHereToPlayGames said: My 360Chrome is "secure" for this E1 cert using ECDHE_ECDSA because this is on WINDOWS 10 and not XP! But it must be due to the certificate. I have two sites with the same encryption and one works and the other does not. Link to comment Share on other sites More sharing options...
AstroSkipper Posted April 20 Share Posted April 20 (edited) 42 minutes ago, Anbima said: Unfortunately the picture is too small, so I can't read it. And that would make it work again? Is there a short guide on how to install it? Everything on your site is almost too detailed. I have just changed the image. Click onto it and use the zoom button! All is described in my main article in the section 9 in terms of ProxHTTPSProxy's PopMenu TLS 1.3 3V3. BTW, information can't be detailed enough. You should rather be glad that someone has gone to so much trouble. And inside the archive file is additionally a manual with all instructions. Edited April 20 by AstroSkipper Update of content 3 Link to comment Share on other sites More sharing options...
NotHereToPlayGames Posted April 20 Share Posted April 20 (edited) 2 hours ago, Anbima said: But it must be due to the certificate. I have two sites with the same encryption and one works and the other does not. It's not the "encryption" you are failing, it is the "algorithm" that you are failing. WinXP can not, under any circumstance, be made compatible with Elliptic Curve key algorithm certificates. Period. The E1 cert is your issue, each and every web site that has been cited in this thread that is not reported as "secure" in the web browser's address bar is using E1. You will NEVER get this E1 certificate to show up as "secure" in XP. Edited April 20 by NotHereToPlayGames Link to comment Share on other sites More sharing options...
NotHereToPlayGames Posted April 20 Share Posted April 20 Link to comment Share on other sites More sharing options...
NotHereToPlayGames Posted April 20 Share Posted April 20 The DHL cert is "secure" in XP because it is NOT using Elliptic Curve. Link to comment Share on other sites More sharing options...
66cats Posted April 20 Share Posted April 20 (edited) 47 minutes ago, NotHereToPlayGames said: The E1 cert is your issue, each and every web site that has been cited in this thread that is not reported as "secure" in the web browser's address bar is using E1. How do Chrome-based browsers like Supermium figure into this? Or am i misunderstanding something? Edit: here's deepl.com. Edited April 20 by 66cats Link to comment Share on other sites More sharing options...
AstroSkipper Posted April 20 Share Posted April 20 41 minutes ago, NotHereToPlayGames said: WinXP can not, under any circumstance, be made compatible with Elliptic Curve key algorithm certificates. Period. And what about that? A Windows port of the Elliptic Curve Cryptography library (ECC-LIB): https://github.com/argp/ecc-lib-win32 3 Link to comment Share on other sites More sharing options...
NotHereToPlayGames Posted April 20 Share Posted April 20 13 minutes ago, AstroSkipper said: And what about that? A Windows port of the Elliptic Curve Cryptography library (ECC-LIB): https://github.com/argp/ecc-lib-win32 Looks promising. 1 Link to comment Share on other sites More sharing options...
NotHereToPlayGames Posted April 20 Share Posted April 20 53 minutes ago, 66cats said: How do Chrome-based browsers like Supermium figure into this? Or am i misunderstanding something? Edit: here's deepl.com. No clue without debugging their code. While 360Chrome is transparent and open and will SHOW you its INTERNAL certificates, Supermium and Thorium both HIDE their INTERNAL certificates and only take you to a "support.google.com" page if you ATTEMPT to view them! 1 Link to comment Share on other sites More sharing options...
66cats Posted April 20 Share Posted April 20 38 minutes ago, NotHereToPlayGames said: Supermium and Thorium both HIDE their INTERNAL certificates My only point is there are XP browsers capable of handling those sites, nothing more Link to comment Share on other sites More sharing options...
AstroSkipper Posted April 20 Share Posted April 20 Here are two screenshots containing the site and certificate information of DeepL and valid-isrgrootx2.letsencrypt.org taken from Mypal 68.13.9b under Windows XP Professional 32-bit: I can't see any E1 problems. I fear your statement: 1 hour ago, NotHereToPlayGames said: WinXP can not, under any circumstance, be made compatible with Elliptic Curve key algorithm certificates. Period. The E1 cert is your issue, each and every web site that has been cited in this thread that is not reported as "secure" in the web browser's address bar is using E1. You will NEVER get this E1 certificate to show up as "secure" in XP. is not correct. Maybe, it applies to Windows XP without any ports and 360Chrome but not in general. Do you agree? 2 Link to comment Share on other sites More sharing options...
NotHereToPlayGames Posted April 20 Share Posted April 20 (edited) We are mixing apples and oranges. Mypal uses an INTERNAL cert store to pass ECC on XP. Supermium uses an INTERNAL cert store (hidden from the user as far as I can tell) to pass ECC on XP. 360Chrome fails ECC on XP because its INTERNAL cert store does not contain the same INTERNAL certs as Mypal or Supermium. This has actually always been one of the ADVANTAGES of Mozilla-based browsers - a cert store fully INDEPENDENT of the OS it is ran on because the cert store is INTERNAL to the browser itself. Update the browser, you update the cert store. No need for threads like this because the cert store is updated when the browser is updated, keep the OS as old and ancient as you want, you're not using the OS cert store. Edited April 20 by NotHereToPlayGames 1 Link to comment Share on other sites More sharing options...
NotHereToPlayGames Posted April 20 Share Posted April 20 Technically, I'm not a fan of INTERNAL cert stores. TRUST ME, it is EXTREMELY easy to release a web browser who's address bar ALWAYS ALWAYS ALWAYS shows a "secure padlock" with made-up details to lead the user into a FALSE sense of "security". We do have MSFN Members that would not be fooled, but trust me, it is EXTREMELY easy to do. And several HUNDRED members here would never know - not until the small handful of a half a dozen or so showed up and pointed it out. Link to comment Share on other sites More sharing options...
AstroSkipper Posted April 20 Share Posted April 20 1 minute ago, NotHereToPlayGames said: We are mixing apples and oranges. No, we don't. You said: 1 hour ago, NotHereToPlayGames said: WinXP can not, under any circumstance, be made compatible with Elliptic Curve key algorithm certificates. Period. You will NEVER get this E1 certificate to show up as "secure" in XP. This statement does not refer to any cert stores. You have to stand by what you said. Maybe, you should correct this statement so that it can be assigned a Boolean truth value of true again. The evidence can be found in the previous posts. 3 Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now