Jump to content
Strawberry Orange Banana Lime Leaf Slate Sky Blueberry Grape Watermelon Chocolate Marble
Strawberry Orange Banana Lime Leaf Slate Sky Blueberry Grape Watermelon Chocolate Marble

MSFN is made available via donations, subscriptions and advertising revenue. The use of ad-blocking software hurts the site. Please disable ad-blocking software or set an exception for MSFN. Alternatively, register and become a site sponsor/subscriber and ads will be disabled automatically. 


heinoganda

Root Certificates and Revoked Certificates for Windows XP

Recommended Posts


Hello again,

First: My apologies for double-posting.

I just tried this on a Windows XP Professional x64 Edition SP2 VM after removing the "Update Root Certificates" Windows component, and this is what it looks like:

certupdater-vert.png.ffe0986bf7ee4dac97b11541dde1d697.png

I took a look at the certificate store before and after, and certificates were indeed added and removed. The intermediate certificate authority revocation list stayed the same though. But it appears to be working as intended, I guess? Nothing related was logged into the system logs, no errors either.

Just a minor suggestion: I think it should say "Root Certificates", not "Roots Certificates".

Thanks for your work!

Share this post


Link to post
Share on other sites

TLS v1.2 doesn't work. Like I said, the corresponding Windows update simply doesn't exist for XP x64 (or Server 2003 x64). There is no x64 version of POSReady2009 after all, so my Windows SSL is stuck at TLS v1.0.

Maybe there is a corresponding update for companies which paid up to get continued support for Server 2003 x64, but no such update was ever leaked to the public as far as I know.

Share this post


Link to post
Share on other sites
2 hours ago, GrandAdmiralThrawn said:

TLS v1.2 doesn't work. Like I said, the corresponding Windows update simply doesn't exist for XP x64 (or Server 2003 x64). There is no x64 version of POSReady2009 after all, so my Windows SSL is stuck at TLS v1.0.

Then your best shot is ProxHTTPSProxyMII

Share this post


Link to post
Share on other sites

I checked my XP x64 testbed (which includes 5eraph's Update Pack) and see that TLS 1.2 is working there.

Share this post


Link to post
Share on other sites

When using Internet Explorer? If so, then very interesting. Then the question would be: Which update gives TLS v1.2 on XP x64? I've tracked all the updates that came out for Server 2003 x64 (after XP x64 went EoL), and there was no TLS v1.2 update included, unless I've overlooked something.

Share this post


Link to post
Share on other sites
12 hours ago, bluebolt said:

I checked my XP x64 testbed (which includes 5eraph's Update Pack) and see that TLS 1.2 is working there.

Which browser checked? And on which site?

Share this post


Link to post
Share on other sites
1 hour ago, GrandAdmiralThrawn said:

Which update gives TLS v1.2 on XP x64?

AFAIK, you should search for Windows Server 2003 x64 updates.

Share this post


Link to post
Share on other sites
6 minutes ago, Usher said:

AFAIK, you should search for Windows Server 2003 x64 updates.

The only update I'm aware is KB948963 that is a cipher upgrade to enable AES128 and AES256 in WinSSL...

Share this post


Link to post
Share on other sites
Posted (edited)
4 hours ago, Usher said:

AFAIK, you should search for Windows Server 2003 x64 updates.

I'm sorry, but just 2 posts before I said that I had tracked Server 2003 x64 updates since the EoL of XP x64. You can find my corresponding list [here]. Also, as said, maybe I've just overlooked something. But my searches don't turn up any TLS 1.2 update for Windows SSL on Server 2003 x64 or XP x64.

Of course, I can use it with New Moon, but that's not what this is about. I want this for IE8 to upgrade certain softwares which use the IE8 engine to access secure websites (some license activation systems do this, e.g. the one that comes with Adobe Photoshop CS6).

Edit @FranceBB: You're right about ProxHTTPSProxyMII of course. Just saying, so you don't think I'm ignoring your suggestions. :) But if there's a way to get this done with some Windows Update on XP x64, I'd prefer that way. If at all possible.

Edited by GrandAdmiralThrawn

Share this post


Link to post
Share on other sites
13 hours ago, GrandAdmiralThrawn said:

When using Internet Explorer?

 

13 hours ago, ED_Sln said:

Which browser checked? And on which site?

Wrong browser, sorry.

Share this post


Link to post
Share on other sites
Posted (edited)
On 4/21/2020 at 8:55 AM, GrandAdmiralThrawn said:

I'm sorry, but just 2 posts before I said that I had tracked Server 2003 x64 updates since the EoL of XP x64. You can find my corresponding list [here]. Also, as said, maybe I've just overlooked something. But my searches don't turn up any TLS 1.2 update for Windows SSL on Server 2003 x64 or XP x64.

Unfortunately, I can't find KB numbers, only dates and info about Windows Server 2003. I suspect there might be updates for 32-bit version there.

On the list you have linked above there are only two strictly related updates: KB4018271 for IE8 x64 and KB948963 for AES. Update for IE is too old to contain properly working TLS 1.1/1.2 implementation (latest fixes were in KB4483187 in December 2018, EDIT: and possibly in cumulative update KB4493435 for IE8 in April 2019), and there is no update for SHA hashes and TLS 1.1/1.2 themselves (they were in KB4019276 for XP 32-bit, released after KB4018271 for IE8 64-bit).

 

Of course, if I find any new info, I will post it here…

Edited by Usher
added last IE8 update

Share this post


Link to post
Share on other sites

Thank you!

Also, it'd be interesting to hear of any leaks of updates sourced from paid support (which are not available to the public). There should be some companies which still get them after all. Would violate the license agreement to release them I presume, but still.

I would've tried to actually pay Microsoft for them myself, but unfortunately, this service is not available for private individuals. ;)

  • Like 1

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...