Jump to content

Root Certificates and Revoked Certificates for Windows XP

heinoganda

By heinoganda
in Windows XP

 Share

Recommended Posts

Anbima

Anbima

Posted
Posted
6 minutes ago, AstroSkipper said:

Here is a llst of all cipher suites and TLS protocols offered by ProxHTTPSProxy's PopMenu TLS 1.3 3V3:

Unfortunately the picture is too small, so I can't read it.
And that would make it work again? Is there a short guide on how to install it?
Everything on your site is almost too detailed.


Anbima

Anbima

Posted
Posted (edited)
On 4/20/2024 at 1:27 PM, NotHereToPlayGames said:

My 360Chrome is "secure" for this E1 cert using ECDHE_ECDSA because this is on WINDOWS 10 and not XP!

 

But it must be due to the certificate.
I have two sites with the same encryption and one works and the other does not.

 

 

Edited by Anbima
AstroSkipper

AstroSkipper

Posted
Posted (edited)
42 minutes ago, Anbima said:

Unfortunately the picture is too small, so I can't read it.
And that would make it work again? Is there a short guide on how to install it?
Everything on your site is almost too detailed.

I have just changed the image. Click onto it and use the zoom button! All is described in my main article in the section 9 in terms of ProxHTTPSProxy's PopMenu TLS 1.3 3V3. BTW, information can't be detailed enough. You should rather be glad that someone has gone to so much trouble. :P And inside the archive file is additionally a manual with all instructions. animiertes-schilder-smilies-bild-0006.gi spanachee.gif

Edited by AstroSkipper
Update of content
3
NotHereToPlayGames

NotHereToPlayGames

Posted
Posted (edited)
2 hours ago, Anbima said:

But it must be due to the certificate.
I have two sites with the same encryption and one works and the other does not.

It's not the "encryption" you are failing, it is the "algorithm" that you are failing.

WinXP can not, under any circumstance, be made compatible with Elliptic Curve key algorithm certificates.  Period.

The E1 cert is your issue, each and every web site that has been cited in this thread that is not reported as "secure" in the web browser's address bar is using E1.

You will NEVER get this E1 certificate to show up as "secure" in XP.

image.thumb.png.6297f6978c5cd4385d8105b686f2c986.png

Edited by NotHereToPlayGames
66cats

66cats

Posted
Posted (edited)
47 minutes ago, NotHereToPlayGames said:

The E1 cert is your issue, each and every web site that has been cited in this thread that is not reported as "secure" in the web browser's address bar is using E1.

How do Chrome-based browsers like Supermium figure into this? Or am i misunderstanding something?

 

Edit: here's deepl.com.

Edited by 66cats
NotHereToPlayGames

NotHereToPlayGames

Posted
Posted
53 minutes ago, 66cats said:

How do Chrome-based browsers like Supermium figure into this? Or am i misunderstanding something?

 

Edit: here's deepl.com.

No clue without debugging their code.

While 360Chrome is transparent and open and will SHOW you its INTERNAL certificates, Supermium and Thorium both HIDE their INTERNAL certificates and only take you to a "support.google.com" page if you ATTEMPT to view them!

1
66cats

66cats

Posted
Posted
38 minutes ago, NotHereToPlayGames said:

Supermium and Thorium both HIDE their INTERNAL certificates

My only point is there are XP browsers capable of handling those sites, nothing more :)

AstroSkipper

AstroSkipper

Posted
Posted

Here are two screenshots containing the site and certificate information of DeepL and valid-isrgrootx2.letsencrypt.org taken from Mypal 68.13.9b under Windows XP Professional 32-bit:

Mypal-68-13-9-E1-certificate.png

Mypal-68-13-9-E1-certificate-2.png

I can't see any E1 problems. I fear your statement:

1 hour ago, NotHereToPlayGames said:

WinXP can not, under any circumstance, be made compatible with Elliptic Curve key algorithm certificates.  Period.

The E1 cert is your issue, each and every web site that has been cited in this thread that is not reported as "secure" in the web browser's address bar is using E1.

You will NEVER get this E1 certificate to show up as "secure" in XP.

is not correct. nimportequoi.gif Maybe, it applies to Windows XP without any ports and 360Chrome but not in general. spanachee.gif Do you agree? :dubbio:

 

2
NotHereToPlayGames

NotHereToPlayGames

Posted
Posted (edited)

We are mixing apples and oranges.

Mypal uses an INTERNAL cert store to pass ECC on XP.

Supermium uses an INTERNAL cert store (hidden from the user as far as I can tell) to pass ECC on XP.

360Chrome fails ECC on XP because its INTERNAL cert store does not contain the same INTERNAL certs as Mypal or Supermium.

This has actually always been one of the ADVANTAGES of Mozilla-based browsers - a cert store fully INDEPENDENT of the OS it is ran on because the cert store is INTERNAL to the browser itself.

Update the browser, you update the cert store.  No need for threads like this because the cert store is updated when the browser is updated, keep the OS as old and ancient as you want, you're not using the OS cert store.

Edited by NotHereToPlayGames
2
NotHereToPlayGames

NotHereToPlayGames

Posted
Posted

Technically, I'm not a fan of INTERNAL cert stores.

TRUST ME, it is EXTREMELY easy to release a web browser who's address bar ALWAYS ALWAYS ALWAYS shows a "secure padlock" with made-up details to lead the user into a FALSE sense of "security".

We do have MSFN Members that would not be fooled, but trust me, it is EXTREMELY easy to do.

And several HUNDRED members here would never know - not until the small handful of a half a dozen or so showed up and pointed it out.

AstroSkipper

AstroSkipper

Posted
Posted
1 minute ago, NotHereToPlayGames said:

We are mixing apples and oranges.

No, we don't. You said:

1 hour ago, NotHereToPlayGames said:

WinXP can not, under any circumstance, be made compatible with Elliptic Curve key algorithm certificates.  Period.

You will NEVER get this E1 certificate to show up as "secure" in XP.

 

This statement does not refer to any cert stores. You have to stand by what you said.  Maybe, you should correct this statement so that it can be assigned a Boolean truth value of true again. :P The evidence can be found in the previous posts. :)

3

Please sign in to comment

You will be able to leave a comment after signing in



Sign In Now
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...