Jump to content

Problems accessing certain sites (Https aka TLS)


Recommended Posts

On 12/13/2019 at 7:11 PM, Dave-H said:

That does look a bit excessive, mine takes about 3 Mb when it's idle, and about 6 Mb while I have a Firefox tab open!
Is the memory use still high with your browsers and/or e-mail programs closed?
:dubbio:

I confirm the situation.

After a few minutes of surfing with only 2 tabs opened with SRWare Iron 49:

8.thumb.jpg.befe23f237d0526ad442a1c98210b22f.jpg

After closing the browser, the memory footprint stay the same. :wacko:

I'm testing the latest build on a ThinkPad T500 with the french edition of XP Pro SP3.

Edited by genieautravail
Link to comment
Share on other sites


When you look at the console window of HTTPSProxy, what is it actually doing while it's using so much memory with your browsers closed?
I can only think that something else on the system must be generating a lot of network traffic!
:dubbio:

Link to comment
Share on other sites

19 hours ago, Dave-H said:

When you look at the console window of HTTPSProxy, what is it actually doing while it's using so much memory with your browsers closed?
I can only think that something else on the system must be generating a lot of network traffic!
:dubbio:

Five minutes after closing the browser:

13.thumb.jpg.54ebe7ecfa4d5637db61a1e3fab0ea61.jpg

There is a real memory management issue.:unsure:

Pehaps that @heinoganda has a debug version of the proxy ?

Link to comment
Share on other sites

14 hours ago, genieautravail said:

There is a real memory management issue.

And what exactly is the issue? Compared to latest Basilisk 52.9 release by @roytam1 used with few open tabs (5-6) with uBO legacy installed memory consumption by ProxHTTPSProxyMII v1.5 at least ten times smaller. And don't forget that Python interpreted scripts are used in ProxHTTPSProxyMII v1.5. Even 120Mb of memory consumption i got once still not comparable with memory consumption of main browser.

Link to comment
Share on other sites

26 minutes ago, Bersaglio said:

And what exactly is the issue? Compared to latest Basilisk 52.9 release by @roytam1 used with few open tabs (5-6) with uBO legacy installed memory consumption by ProxHTTPSProxyMII v1.5 at least ten times smaller. And don't forget that Python interpreted scripts are used in ProxHTTPSProxyMII v1.5. Even 120Mb of memory consumption i got once still not comparable with memory consumption of main browser.

Memory footprint can't decrease with no activity ?

Link to comment
Share on other sites

  • 1 month later...
On 2/3/2020 at 4:36 AM, Raheem Jamali said:

Replacing ieframe.dll of Win XP with React OS ieframe.dll allows UC Browser, Chromium 49 and other browsers to use TLS 1.2 but still it requires few modifications.

After replacing the file when loading the OS, an error began to appear about the missing call in the kerner32.dll file. In addition, Internet Explorer and the browser settings in the control panel have completely broken. Support for TLS 1.2 is added by KB4467770: https://support.microsoft.com/en-us/help/4467770/update-to-enable-tls-1-1-and-tls-1-2-as-secure-protocols -on-winhttp

Link to comment
Share on other sites

Yes I have managed to get it running with few modifications but it completely breaks Internet Explorer. I was testing that to get mbedtls to run in WinXp instead of native security protocol. It would be beneficial when mbedtls would support TLS 1.3 i guess then we would get real benefit. But yeah it breaks IE. Ieframe.dll, schannel.dll, bcrypt.dll mbedtls.dll these files i have replaced. 

Link to comment
Share on other sites

1 hour ago, Raheem Jamali said:

It would be beneficial when mbedtls would support TLS 1.3

With TLS 1.3, everything is much more complicated, even Windows 10 does not support it. Sites that have versions 1.2 and 1.3 open using version 1.2. And sites with only 1.3 on them do not open at all, displaying a secure connection error. You can check browser support for version TLS 1.3 on this site: https://tls13.1d.pw/

Link to comment
Share on other sites

  • 2 weeks later...
On 2/9/2020 at 12:48 AM, Dave-H said:

You're right, IE11 and Edge cannot connect to that site even on Windows 10.
Firefox 72 however, can.
:)

And on Windows XP Serpent can open https://tls13.1d.pw/ too saying:

"Successfully connected TLS 1.3 OK;"

Unbelievable!

Edited by AstroSkipper
Correction
Link to comment
Share on other sites

10 hours ago, AstroSkipper said:

And on Windows XP Serpent can open https://tls13.1d.pw/ too saying:

"Successfully connected TLS 1.3 OK;"

Unbelievable!

In browsers based on Firefox, its own OS-independent encryption engine. Therefore, in these browsers, even in Win 9x, it is technically possible to make support for TLS 1.3. Chrome-based browsers use system encryption, so even TLS 1.1 isn’t there without a system update. But in 360 Extreme Explorer made their own encryption engine, so it also supports TLS 1.3 in Win XP.

Link to comment
Share on other sites

Websites that only support Chrome are a real dilemma for XP users because those versions of Chrome that will work under windows do not have built in support cipher suites that include Elliptic Curve Digital Signature Algorithms (ECDS), and so have to fall back on system encryption libraries that XP does not have.  However, there is no need to use ProxHTTPSProxyMII because 360 Extreme Explorer is a Chromium based browser with support for TLS 1.3 and cipher suites that include Elliptic Curve Digital Signature Algorithms.  Here are the supported cipher suites for the website that always give the ERR_SSL_VERSION_OR_CIPHER_MISMATCH message in Chrome under XP (https://www.aidanwoods.com/blog/faulty-login-pages/)

TLS_AES_128_GCM_SHA256        
TLS_AES_256_GCM_SHA384            
TLS_CHACHA20_POLY1305_SHA256               
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256       
OLD_TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256            
TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256           
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA            
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256        
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384            
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA

Here are the cipher suites supported by Advanced Chrome 54.20.6530.0 which as you can see only include the RSA Digital Signature Algorithms, so nothing matches.

TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256_OLD
TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256_OLD
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
TLS_DHE_RSA_WITH_AES_256_CBC_SHA
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
TLS_DHE_RSA_WITH_AES_128_CBC_SHA
TLS_RSA_WITH_AES_128_GCM_SHA256
TLS_RSA_WITH_AES_256_CBC_SHA
TLS_RSA_WITH_AES_128_CBC_SHA
TLS_RSA_WITH_3DES_EDE_CBC_SHA

Here are the cipher suites supported by 360 Extreme Explorer with those that match the supported cipher suites of the aidanwoods.com site highlighted in bold.

TLS_CHACHA20_POLY1305_SHA256
TLS_AES_128_GCM_SHA256
TLS_AES_256_GCM_SHA384
TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
TLS_RSA_WITH_AES_128_GCM_SHA256
TLS_RSA_WITH_AES_256_GCM_SHA384
TLS_RSA_WITH_AES_128_CBC_SHA
TLS_RSA_WITH_AES_256_CBC_SHA
TLS_RSA_WITH_3DES_EDE_CBC_SHA

From this I have concluded that I only have to replace Advanced Chrome with 360 Extreme Explorer on my XP machine and the problem is solved.  Although browsing with 360 Extreme Explorer is not trouble free due to pages sometimes being displayed in Chinese and Russian it is only the fallback option when MyPal fails to load a website.

Edited by Zorba the Geek
Link to comment
Share on other sites

3 hours ago, Zorba the Geek said:

Although browsing with 360 Extreme Explorer is not trouble free due to pages sometimes being displayed in Chinese and Russian it is only the fallback option when MyPal fails to load a website.

The answer about this issue is here:

https://msfn.org/board/topic/178380-extreme-explorer-360-chromium-78-general-discussion/?do=findComment&comment=1174038

 

Link to comment
Share on other sites

On 2/2/2020 at 3:36 PM, Raheem Jamali said:

Replacing ieframe.dll of Win XP with React OS ieframe.dll allows UC Browser, Chromium 49 and other browsers to use TLS 1.2 but still it requires few modifications. Replacing Crypto32.dll in win xp renders it non bootable.

On 2/4/2020 at 7:03 AM, ED_Sln said:

After replacing the file when loading the OS, an error began to appear about the missing call in the kerner32.dll file. In addition, Internet Explorer and the browser settings in the control panel have completely broken. Support for TLS 1.2 is added by KB4467770: https://support.microsoft.com/en-us/help/4467770/update-to-enable-tls-1-1-and-tls-1-2-as-secure-protocols-on-winhttp

What are you folks trying to accomplish here? Support for TLS 1.2 was added to XP (actually, POSReady '09) long ago by the above mentioned KB, and to IE8 specifically by KB4316682 (later cumulative IE8 updates should work too):

TLS 1.2 support is limited though, because native support for ECC (certificates and ciphers) was never added to XP.

On 2/4/2020 at 11:01 PM, Raheem Jamali said:

Yes I have managed to get it running with few modifications but it completely breaks Internet Explorer. I was testing that to get mbedtls to run in WinXp instead of native security protocol. It would be beneficial when mbedtls would support TLS 1.3 i guess then we would get real benefit. But yeah it breaks IE. Ieframe.dll, schannel.dll, bcrypt.dll mbedtls.dll these files i have replaced. 

If it's TLS 1.3 you want (without using ProxHTTPSProxyMII) on IE/Chrome, I'd bet you're going to have to perform some pretty major surgery. Might be better off just migrating to ReactOS, or just using a browser with native TLS 1.3 support like EE 360 or @roytam1's Serpent.

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...