Problems accessing certain sites (Https aka TLS)

[Mathwiz]

IIRC XP SP1 was the last XP service pack that could support PAE....

[rloew]

XP SP3 does support PAE.

Only support for 64-Bit RAM was dropped.

[Thomas S.]

And the prerequisites have been changed (I have to read the PAE wicki to remember )

But this will be the limitation not to upgrade with SP3? I think no...

[Thomas S.]

Report a false positive to VirusTotal is not so easy.

VirusTotal now protects developers from becoming false positives

The service "VirusTotal Monitor" is free for the AV companies - not for the developers...

I found no way to report it on a simple way like "contact us".

[heinoganda]

@Thomas S.

Little hint, after the scan on Virustotal you get to see which virus scanner strikes, then you have the corresponding virus scanner manufacturer make a "false positive" message (screen shot of Virustotal and corresponding file/s).

Info

Edited November 13, 2018 by heinoganda

[Thomas S.]

@heinoganda

Thanks for this information, very interesting.

But this is not easy, all manually work ...

[Youse]

does anyone know some alternatives? Burp Suite was mentioned before, but it still gave an error on TLS1.1-TLS1.2 pages, and i found no related option that fixed it, either in the proxy settings or sll tab in project settings. plus it seems really slow and seems like the window always needs to be open for it to work.

[Thomas S.]

@Youse

No. I have searched for many month and found no other sutible solution. (May be there is another, but I didn't found it.)

And same experience with Burp Suite.

First effort was sTunnel and I have had success with it for Outlook to reactivate a TLS connection to my email provider as he switched from TLS1.0 to 1.2

Then came ProxHTTPSProxMII for WinXP HTTPS, found here in the MSFN forum as a tip.

Sorry, it is as good as it will be with this old operating system at all.

[Thomas S.]

20 hours ago, heinoganda said:

you have the corresponding virus scanner manufacturer make a "false positive" message

@heinoganda

I have send a email to the false pos AV manufacturers - two answered until now that the HTTPSProxy.exe (last 2018-11-06) is clean.

But today the rating is rising to 21/68 (without this two manufacturers) - what a mess

[heinoganda]

@Thomas S.

Can comfort you, with my updated HTTPSProxy I still have problems with the remaining virus scanners.

https://www.virustotal.com/en/file/bc78dab7ca166aa7f33fd10fd51c79a14a39cda8b8f0071561307e659f5e15e3/analysis/1542245373/

Meanwhile, it becomes more and more problematic the false positives seem to be taken seriously. 

[Thomas S.]

Reporting that behavior to the AV manufacturers do not help.

After a "CLEAN" report and whitelisting the exe some come back a few days later with another false positive alert.

I wrote to VirusTotal and got a list with the adresses of the AV manufacturers. It seems that it is up to date.

See AV.xls

Edited November 16, 2018 by Thomas S.

[Thomas S.]

Up to date, not all AV manufacturers have responded.

But the most important ones have classified the file as not dangerous.

After all, there are currently only 12 false alarms with very different alerts...

[Thomas S.]

New cacert.pem from Curl released (RootCA certificates used by HTTPSProxy).

If you do not have AutoUpdate enabled (provided by Launcher) update the file manually as soon as possible.

This file is also used by sTunnel (here renamed to ca-certs.pem), so you can copy it to the config folder of sTunnel.

Header:

##
## Bundle of CA Root Certificates
##
## Certificate data from Mozilla as of: Wed Dec  5 04:12:10 2018 GMT
##
## This is a bundle of X.509 certificates of public Certificate Authorities
## (CA). These were automatically extracted from Mozilla's root certificates
## file (certdata.txt).  This file can be found in the mozilla source tree:
## https://hg.mozilla.org/releases/mozilla-release/raw-file/default/security/nss/lib/ckfw/builtins/certdata.txt
##
## It contains the certificates in PEM format and therefore
## can be directly used with curl / libcurl / php_curl, or with
## an Apache+mod_ssl webserver for SSL client authentication.
## Just configure this file as the SSLCACertificateFile.
##
## Conversion done with mk-ca-bundle.pl version 1.27.
## SHA256: 35b415062acb8c2c27607083b5b3bec8f4ff57463c9b9f06db3e8df3ea895592
##

 

Edited December 8, 2018 by Thomas S.

[Mathwiz]

New version (1.5) of ProxHTTPSProxyMII released by the original author:

On 1/28/2019 at 2:26 PM, Mathwiz said:

The versions of ProxHTTPSProxyMII we've been using all derive from version 1.4 of the original, but apparently it's still being maintained by the original author, and last June a version 1.5 was released with some changes:

Quote

Version 1.5 (20180616)
--------------
+ SubjectAltNames support for DNS and IP
- Leading '*' in commonname.
* Generated cert's Subject field still uses '*' due to some hosts using more characters than allowed.
Example: 18cfdfd73150f69310ab-4d842a0601d0ae955a714605e7fb6d6f.ssl.cf2.rackcdn.com.

The full version, compiled with Python 3.4, is at http://jjoe.proxfilter.net/ProxHTTPSProxyMII/files/ProxHTTPSProxyMII 1.5 34cx_freeze5.0.1urllib3v1.22Win32OpenSSL_Light-1_0_2o-1_1_0h.zip. (Whew; what a file name)

I'm running it now; seems to work fine. I can access Wikipedia from IE8. (I know; why would you want to? But it's a good test due to Wikipedia's ECC cert. )

Edited January 29, 2019 by Mathwiz

[heinoganda]

Have new build generated by ProxHTTPSProxy v1.5 (Rev3a), with small changes script, various python modules updated, config.ini supplemented by some entries, CA certificates (cacert.pem) updated and alternativ cacert.pem from MSCerts (Cert_Updater) 11/28/2018.
If anyone has interest please write a PM to me.

Info:
At Python 3.44 the support ends in March 2019. With the latest cryptography module version 2.5 (Jan 22, 2019) ProxHTTPSProxy does not work on Windows XP anymore. Last working version 2.4.2 (Nov 21, 2018).

Edited February 3, 2019 by heinoganda
Change in support end at Python 3.44 from 2018 to 2019