heinoganda Posted June 9, 2018 Share Posted June 9, 2018 (edited) @Thomas S. cffi== 1.11.2 > 1.11.5 cryptography== 2.1.4 > 2.2.2 packaging== 16.8 > 17.1 pyasn1== 0.4.2 > 0.4.3 pyOpenSSL== 17.5.0 > 18.0.0 urllib3== 1.22 > 1.23 Edited June 9, 2018 by heinoganda Link to comment Share on other sites More sharing options...
Thomas S. Posted June 9, 2018 Share Posted June 9, 2018 Very good! Little modifications: Link to comment Share on other sites More sharing options...
heinoganda Posted August 18, 2018 Share Posted August 18, 2018 (edited) New build of ProxHTTPSProxyMII (Rev 2m) available. Various python modules and CA certificates (cacert.pem) updated. If interested, send me a PM. Edited August 18, 2018 by heinoganda Link to comment Share on other sites More sharing options...
nijazx86 Posted August 18, 2018 Share Posted August 18, 2018 Has anybody tried opening https://androidfrog.com on chrome or ie? Has anybody heard that Microsoft released TLS 1.1 and TLS 1.2 less than a year ago for windows xp posready? Guess what? It does not work. Totally useless. Cipher suites and encryption algothitms come together of course, as all their system files are replaced. I verified that my are replace really. But does not improve anything. I tried installing both on normal xp sp3 pro x86 + all automatic updates (about 140 of them), and xp posready 2009 + all automatic updates (about 300 of them). Done registry changes as suggested by microsoft including generating my key and folders for those keys in regedit. Nothing again. Looks like they are lieing. https://cloudblogs.microsoft.com/microsoftsecure/2017/10/05/announcing-support-for-tls-1-1-and-tls-1-2-in-xp-posready-2009/ https://blogs.msdn.microsoft.com/windows-embedded/2017/10/10/announcing-support-for-tls-1-1-and-tls-1-2-in-windows-embedded-standard-2009-and-windows-embedded-posready-2009/ And did you know that internet download manager (IDM) and free download manager (FDM) have https problems too? But internet download accelerator (IDA) has not. That tutorial from idm is fake or useless, does not work, after i contacted them they say only i am complaining, and it works for rest of world. http://www.internetdownloadmanager.com/support/xp-https-problems.html Link to comment Share on other sites More sharing options...
siria Posted August 18, 2018 Share Posted August 18, 2018 Not chrome or IE here, but androidfrog.com can't be using TLS1.2. That page looks quite normal in KM1.6 (=FF3.5), with max SSL3. My useragent is IE7 at the moment. Link to comment Share on other sites More sharing options...
heinoganda Posted August 18, 2018 Share Posted August 18, 2018 (edited) About the topic that in Google Chrome various encrypted websites can not be opened with the error message ERR_SSL_VERSION_OR_CIPHER_MISMATCH has been discussed many times in the forum. This is because Google Chrome accesses the certificates of Windows XP where ECC certificates can not be processed and stored in the certificate management of Windows XP. Therefore, my offer for a local HTTPS Proxy with which these web pages can be opened. (If interested, send me a PM.) Meanwhile, IE8 also supports TLS 1.2. Edited August 18, 2018 by heinoganda Link to comment Share on other sites More sharing options...
nijazx86 Posted August 18, 2018 Share Posted August 18, 2018 1 hour ago, siria said: Not chrome or IE here, but androidfrog.com can't be using TLS1.2. That page looks quite normal in KM1.6 (=FF3.5), with max SSL3. My useragent is IE7 at the moment. It says it is tls 1.2 when i click that green padlock left of url field in firefox. In chrome it doesn't work. Oddly, when I set min and max tls version to 0 which is ssl3 in firefox, it still shows tls1.2. Looks like I can't test in firefox lower cipher suite. Even after restarting browser or using incognito. Link to comment Share on other sites More sharing options...
nijazx86 Posted August 18, 2018 Share Posted August 18, 2018 (edited) Thanks, works like a charm! And I know how to work with proxy, and I do not need this for firefox but only chrome, because firefox last for xp (52.9.0 esr) has all cipher suites and alghoritms, so i choose its proxy as none instead of system proxy. Also best of all since I have extension for chrome proxy switch omega, it allows me to only redirect chrome through your proxy without interference of other apps. I always thought something like this may work if proxy supports those some https sites, so i thought proxomitron or burpsuite or charles proxy could be used, but never tried them. But your apps anyway wastes much less memory, hdd, cpu, so is real solution. And you can use proxy switch omega as "offline" switch for chrome, by adding proxy like 0.0.0.0 as proxy and making it auto switch shortcut, so just one button click for offline mode. Maybe now I will use chrome again instead of firefox, because main reason for transition was inability of some https websites. Also looks like now I will be able to use internetdownloadmanager again, and actually all apps!!! One more problem, flux application doesn't work in xp, it says in your app window: "[SSL: UNKNOWN_PROTOCOL] unknown protocol (_ssl.c:600)" while trying to establish local SSL tunnel for [justgetflux.com:443] It displayed this even before using your app. Should I update internet explorer or you your app? Edited August 18, 2018 by nijazx86 Link to comment Share on other sites More sharing options...
heinoganda Posted August 19, 2018 Share Posted August 19, 2018 With the program f.lux is called in the attitude of the locatian over the IE Google maps, which in the IE7 / 8 no longer functions. Quit ProxHTTPSProxy, start "ProxHTTPSProxy_PSwitch.exe" and quit ProxHTTPSProxy again. This will reset the proxy settings to the former settings of the IE. If you're using a proxy switch (127.0.0.1:8079) on Chrome, then "ProxHTTPSProxy.exe" should be used to start ProxHTTPSProxy. Link to comment Share on other sites More sharing options...
nijazx86 Posted August 19, 2018 Share Posted August 19, 2018 (edited) Sorry can't understand. Are you saying that flux can't work? I am using internet explorer 6. Chrome works fine with androidfrog.com. Edited August 19, 2018 by nijazx86 Link to comment Share on other sites More sharing options...
heinoganda Posted August 19, 2018 Share Posted August 19, 2018 (edited) Google Maps that is no longer working with older IE is called at f.lux location, there is no other standard browser because f.lux always works on the existing IE. Reset the proxy settings from the system (IE) if quit ProxHTTPSProxy, start "ProxHTTPSProxy_PSwitch.exe" and quit ProxHTTPSProxy again did not work! Edited August 19, 2018 by heinoganda Link to comment Share on other sites More sharing options...
nijazx86 Posted August 19, 2018 Share Posted August 19, 2018 (edited) Oh i tried opening any other page it didn't work, gave same error. But when I installed ie8 it finally worked. Not the flux, but didn't give error messages in your app, and other websites work, and shows error message about google maps in flux. Now it is ok. I will install win7 on usb or another partition just to get flux registry or files settings for my area, then copy them to xp flux data. Luckily I know how to do that. You program is ok anyway. I thought nobody will ever solve windows xp https, but you solved. Thanks again! Now can enjoy all websites and apps, almost all. And I am aware that now error in flux has nothing to do with https or your app, but simply interent explorer is too bad. That's why normally i would never use it, but chrome. Also other 3rd party browsers like slimjet, advanced chrome...besides firefox which has not https problems even without your app. Edited August 19, 2018 by nijazx86 Link to comment Share on other sites More sharing options...
SRainharp Posted August 27, 2018 Share Posted August 27, 2018 (edited) Reading this thread seems a pain. From what I can tell, the only working solution so far is to proxy the problematic pages, since XP's TLS 1.1 and 1.2 support is ugh, because of it not being updated to accept ECC certs, or use a good browser that isn't Chromium-based. Is this true or is there any update to the initial part of the thread, where ReactOS was tested? I don't have another PC and really don't have the time at the moment to setup a VM on this netbook of XP, it seems... pointless for me to do so, to say the least, at least for my opinion. (Sorry, I'm not good at reading entire threads, I tend to read what's at the beginning and end only, usually they help me out more often than not) Edited August 27, 2018 by SRainharp Link to comment Share on other sites More sharing options...
FranceBB Posted August 27, 2018 Share Posted August 27, 2018 (edited) Yes, Microsoft introduced TLS1.2 support in XP, but ECC certificates can't be stored so it ends up with a mismatch and it doesn't work. Firefox 52.9 ESR supports TLS1.3 but you have to enable it as it's disabled by default Microsoft support also said that they are working on TLS1.3, so hopefully crypto.dll will be updated in the near future. Heinoganda did a really good job with his proxy: I have been using it in the past and it was really useful, but I stopped using it mainly because I still use XP to do home-banking and access to my investments and I don't know who owns the server. Of course, traffic still goes through HTTPS so it's supposed to be encrypted, but still... Edited August 27, 2018 by FranceBB Link to comment Share on other sites More sharing options...
SRainharp Posted August 28, 2018 Share Posted August 28, 2018 10 hours ago, FranceBB said: mainly because I still use XP to do home-banking and access to my investments and I don't know who owns the server. Of course, traffic still goes through HTTPS so it's supposed to be encrypted, but still... Why are you doing home-banking over XP? I'd use XP for anything but that tbh, and I'm an ardent supporter of that 17-years-old OS... Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now