Problems accessing certain sites (Https aka TLS)

[genieautravail]

On 12/13/2019 at 7:11 PM, Dave-H said:

That does look a bit excessive, mine takes about 3 Mb when it's idle, and about 6 Mb while I have a Firefox tab open!
Is the memory use still high with your browsers and/or e-mail programs closed?

I confirm the situation.

After a few minutes of surfing with only 2 tabs opened with SRWare Iron 49:

After closing the browser, the memory footprint stay the same. 

I'm testing the latest build on a ThinkPad T500 with the french edition of XP Pro SP3.

Edited December 15, 2019 by genieautravail

[Dave-H]

When you look at the console window of HTTPSProxy, what is it actually doing while it's using so much memory with your browsers closed?
I can only think that something else on the system must be generating a lot of network traffic!

[genieautravail]

19 hours ago, Dave-H said:

When you look at the console window of HTTPSProxy, what is it actually doing while it's using so much memory with your browsers closed?
I can only think that something else on the system must be generating a lot of network traffic!

Five minutes after closing the browser:

There is a real memory management issue.

Pehaps that @heinoganda has a debug version of the proxy ?

[Bersaglio]

14 hours ago, genieautravail said:

There is a real memory management issue.

And what exactly is the issue? Compared to latest Basilisk 52.9 release by @roytam1 used with few open tabs (5-6) with uBO legacy installed memory consumption by ProxHTTPSProxyMII v1.5 at least ten times smaller. And don't forget that Python interpreted scripts are used in ProxHTTPSProxyMII v1.5. Even 120Mb of memory consumption i got once still not comparable with memory consumption of main browser.

[genieautravail]

26 minutes ago, Bersaglio said:

And what exactly is the issue? Compared to latest Basilisk 52.9 release by @roytam1 used with few open tabs (5-6) with uBO legacy installed memory consumption by ProxHTTPSProxyMII v1.5 at least ten times smaller. And don't forget that Python interpreted scripts are used in ProxHTTPSProxyMII v1.5. Even 120Mb of memory consumption i got once still not comparable with memory consumption of main browser.

Memory footprint can't decrease with no activity ?

[Raheem Jamali]

Replacing ieframe.dll of Win XP with React OS ieframe.dll allows UC Browser, Chromium 49 and other browsers to use TLS 1.2 but still it requires few modifications. Replacing Crypto32.dll in win xp renders it non bootable.

[ED_Sln]

On 2/3/2020 at 4:36 AM, Raheem Jamali said:

Replacing ieframe.dll of Win XP with React OS ieframe.dll allows UC Browser, Chromium 49 and other browsers to use TLS 1.2 but still it requires few modifications.

After replacing the file when loading the OS, an error began to appear about the missing call in the kerner32.dll file. In addition, Internet Explorer and the browser settings in the control panel have completely broken. Support for TLS 1.2 is added by KB4467770: https://support.microsoft.com/en-us/help/4467770/update-to-enable-tls-1-1-and-tls-1-2-as-secure-protocols -on-winhttp

[Raheem Jamali]

Yes I have managed to get it running with few modifications but it completely breaks Internet Explorer. I was testing that to get mbedtls to run in WinXp instead of native security protocol. It would be beneficial when mbedtls would support TLS 1.3 i guess then we would get real benefit. But yeah it breaks IE. Ieframe.dll, schannel.dll, bcrypt.dll mbedtls.dll these files i have replaced. 

[ED_Sln]

1 hour ago, Raheem Jamali said:

It would be beneficial when mbedtls would support TLS 1.3

With TLS 1.3, everything is much more complicated, even Windows 10 does not support it. Sites that have versions 1.2 and 1.3 open using version 1.2. And sites with only 1.3 on them do not open at all, displaying a secure connection error. You can check browser support for version TLS 1.3 on this site: https://tls13.1d.pw/

[Dave-H]

You're right, IE11 and Edge cannot connect to that site even on Windows 10.
Firefox 72 however, can.

[AstroSkipper]

On 2/9/2020 at 12:48 AM, Dave-H said:

You're right, IE11 and Edge cannot connect to that site even on Windows 10.
Firefox 72 however, can.

And on Windows XP Serpent can open https://tls13.1d.pw/ too saying:

"Successfully connected TLS 1.3 OK;"

Unbelievable!

Edited February 17, 2020 by AstroSkipper
Correction

[ED_Sln]

10 hours ago, AstroSkipper said:

And on Windows XP Serpent can open https://tls13.1d.pw/ too saying:

"Successfully connected TLS 1.3 OK;"

Unbelievable!

In browsers based on Firefox, its own OS-independent encryption engine. Therefore, in these browsers, even in Win 9x, it is technically possible to make support for TLS 1.3. Chrome-based browsers use system encryption, so even TLS 1.1 isn’t there without a system update. But in 360 Extreme Explorer made their own encryption engine, so it also supports TLS 1.3 in Win XP.

[Zorba the Geek]

Websites that only support Chrome are a real dilemma for XP users because those versions of Chrome that will work under windows do not have built in support cipher suites that include Elliptic Curve Digital Signature Algorithms (ECDS), and so have to fall back on system encryption libraries that XP does not have.  However, there is no need to use ProxHTTPSProxyMII because 360 Extreme Explorer is a Chromium based browser with support for TLS 1.3 and cipher suites that include Elliptic Curve Digital Signature Algorithms.  Here are the supported cipher suites for the website that always give the ERR_SSL_VERSION_OR_CIPHER_MISMATCH message in Chrome under XP (https://www.aidanwoods.com/blog/faulty-login-pages/)

TLS_AES_128_GCM_SHA256        
TLS_AES_256_GCM_SHA384            
TLS_CHACHA20_POLY1305_SHA256               
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256       
OLD_TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256            
TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256           
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA            
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256        
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384            
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA

Here are the cipher suites supported by Advanced Chrome 54.20.6530.0 which as you can see only include the RSA Digital Signature Algorithms, so nothing matches.

TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256_OLD
TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256_OLD
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
TLS_DHE_RSA_WITH_AES_256_CBC_SHA
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
TLS_DHE_RSA_WITH_AES_128_CBC_SHA
TLS_RSA_WITH_AES_128_GCM_SHA256
TLS_RSA_WITH_AES_256_CBC_SHA
TLS_RSA_WITH_AES_128_CBC_SHA
TLS_RSA_WITH_3DES_EDE_CBC_SHA

Here are the cipher suites supported by 360 Extreme Explorer with those that match the supported cipher suites of the aidanwoods.com site highlighted in bold.

TLS_CHACHA20_POLY1305_SHA256
TLS_AES_128_GCM_SHA256
TLS_AES_256_GCM_SHA384
TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
TLS_RSA_WITH_AES_128_GCM_SHA256
TLS_RSA_WITH_AES_256_GCM_SHA384
TLS_RSA_WITH_AES_128_CBC_SHA
TLS_RSA_WITH_AES_256_CBC_SHA
TLS_RSA_WITH_3DES_EDE_CBC_SHA

From this I have concluded that I only have to replace Advanced Chrome with 360 Extreme Explorer on my XP machine and the problem is solved.  Although browsing with 360 Extreme Explorer is not trouble free due to pages sometimes being displayed in Chinese and Russian it is only the fallback option when MyPal fails to load a website.

Edited February 20, 2020 by Zorba the Geek

[genieautravail]

3 hours ago, Zorba the Geek said:

Although browsing with 360 Extreme Explorer is not trouble free due to pages sometimes being displayed in Chinese and Russian it is only the fallback option when MyPal fails to load a website.

The answer about this issue is here:

https://msfn.org/board/topic/178380-extreme-explorer-360-chromium-78-general-discussion/?do=findComment&comment=1174038

 

[Mathwiz]

On 2/2/2020 at 3:36 PM, Raheem Jamali said:

Replacing ieframe.dll of Win XP with React OS ieframe.dll allows UC Browser, Chromium 49 and other browsers to use TLS 1.2 but still it requires few modifications. Replacing Crypto32.dll in win xp renders it non bootable.

On 2/4/2020 at 7:03 AM, ED_Sln said:

After replacing the file when loading the OS, an error began to appear about the missing call in the kerner32.dll file. In addition, Internet Explorer and the browser settings in the control panel have completely broken. Support for TLS 1.2 is added by KB4467770: https://support.microsoft.com/en-us/help/4467770/update-to-enable-tls-1-1-and-tls-1-2-as-secure-protocols-on-winhttp

What are you folks trying to accomplish here? Support for TLS 1.2 was added to XP (actually, POSReady '09) long ago by the above mentioned KB, and to IE8 specifically by KB4316682 (later cumulative IE8 updates should work too):

TLS 1.2 support is limited though, because native support for ECC (certificates and ciphers) was never added to XP.

On 2/4/2020 at 11:01 PM, Raheem Jamali said:

Yes I have managed to get it running with few modifications but it completely breaks Internet Explorer. I was testing that to get mbedtls to run in WinXp instead of native security protocol. It would be beneficial when mbedtls would support TLS 1.3 i guess then we would get real benefit. But yeah it breaks IE. Ieframe.dll, schannel.dll, bcrypt.dll mbedtls.dll these files i have replaced. 

If it's TLS 1.3 you want (without using ProxHTTPSProxyMII) on IE/Chrome, I'd bet you're going to have to perform some pretty major surgery. Might be better off just migrating to ReactOS, or just using a browser with native TLS 1.3 support like EE 360 or @roytam1's Serpent.