

Ninho

Problems accessing certain sites (Https aka TLS)


GRRR.... sorry must vent. As was already reported a few days ago somewhere (?), Wikipedia now completely blocks old browsers too, by accepting ONLY TLS1.2 ciphers. Which makes IMO absolutely no sense if a reader's browser just isn't able to use it, and the reader only wants to see a public page, but I have already ranted a bit about that in another topic.

But to add insult to injury, and what makes Wikipedia now even much WORSE than github, twitter, sourceforge, developer.mozilla.org and countless other blocked public sites:
Wikipedia immediately REDIRECTS old browsers to a fixed URL warning page:

https://en.wikipedia.org/sec-warning
That means they even destroy the original target URL!
And that means in old browsers it's not even possible anymore to copy the target URL from the blocked page for copy/pasting into a fallback browser.

> Wikipedia is making the site more secure. You are using an old web browser that will not be able
> to connect to Wikipedia in the future. Please update your device or contact your IT administrator.

> We are removing support for insecure TLS protocol versions, specifically TLSv1.0 and TLSv1.1,
> which your browser software relies on to connect to our sites. This is usually caused by using
> some ancient browser or user agents like old Android smartphones.
> Also it could be interference from corporate or personal "Web Security" software which
> actually downgrades connection security.

For now my only lousy workaround will be to make my kmeleon redirecting macro automatically replace all wikipedia links with something like xxxwikipedia on middle-click, in order to retain at least the URL. The other alternative would be to redirect them all to googlecache or googleweblight automatically too, but I want to decide that case-by-case.

Then again, perhaps they'll remove that killer redirect again next year? This sounds like it:

> You must upgrade your browser or otherwise fix this issue to access our sites.
> This message will remain until Jan 1, 2020.
> After that date, your browser will not be able to establish a connection to our servers at all.


On 12/13/2019 at 7:11 PM, Dave-H said:

> That does look a bit excessive, mine takes about 3 Mb when it's idle, and about 6 Mb while I have a Firefox tab open!
> Is the memory use still high with your browsers and/or e-mail programs closed?
> :dubbio:

I confirm the situation.

After a few minutes of surfing with only 2 tabs opened with SRWare Iron 49:

[screenshot attachment]

After closing the browser, the memory footprint stays the same. :wacko:

I'm testing the latest build on a ThinkPad T500 with the French edition of XP Pro SP3.

Edited by genieautravail


When you look at the console window of HTTPSProxy, what is it actually doing while it's using so much memory with your browsers closed?
I can only think that something else on the system must be generating a lot of network traffic!
:dubbio:

19 hours ago, Dave-H said:

> When you look at the console window of HTTPSProxy, what is it actually doing while it's using so much memory with your browsers closed?
> I can only think that something else on the system must be generating a lot of network traffic!
> :dubbio:

Five minutes after closing the browser:

[screenshot attachment]

There is a real memory management issue. :unsure:

Perhaps @heinoganda has a debug version of the proxy?

14 hours ago, genieautravail said:

> There is a real memory management issue.

And what exactly is the issue? Compared to the latest Basilisk 52.9 release by @roytam1 used with a few open tabs (5-6) with uBO legacy installed, memory consumption by ProxHTTPSProxyMII v1.5 is at least ten times smaller. And don't forget that Python interpreted scripts are used in ProxHTTPSProxyMII v1.5. Even the 120Mb of memory consumption I got once is still not comparable with the memory consumption of the main browser.

26 minutes ago, Bersaglio said:

> And what exactly is the issue? Compared to the latest Basilisk 52.9 release by @roytam1 used with a few open tabs (5-6) with uBO legacy installed, memory consumption by ProxHTTPSProxyMII v1.5 is at least ten times smaller. And don't forget that Python interpreted scripts are used in ProxHTTPSProxyMII v1.5. Even the 120Mb of memory consumption I got once is still not comparable with the memory consumption of the main browser.

Memory footprint can't decrease with no activity?

On 12/2/2019 at 5:53 PM, CouMoi said:

> Hello,
>
> Thank you for continuing to support XP and the proposal to have MP ProxHTTPSProxy compilation v1.5 (Rev3e) with support for OpenSSL 1.1.1d.
>
> Is it always available?
>
> CouMoi

Hello, I downloaded the version with OpenSSL 1.1.1d (.RAR) and I will test by replacing in the old version. Thanks.


Replacing ieframe.dll of Win XP with the React OS ieframe.dll allows UC Browser, Chromium 49 and other browsers to use TLS 1.2, but it still requires a few modifications. Replacing Crypto32.dll in Win XP renders it non-bootable.

On 2/3/2020 at 4:36 AM, Raheem Jamali said:

> Replacing ieframe.dll of Win XP with the React OS ieframe.dll allows UC Browser, Chromium 49 and other browsers to use TLS 1.2, but it still requires a few modifications.

After replacing the file, when loading the OS, an error began to appear about a missing call in the kernel32.dll file. In addition, Internet Explorer and the browser settings in the control panel have completely broken. Support for TLS 1.2 is added by KB4467770: https://support.microsoft.com/en-us/help/4467770/update-to-enable-tls-1-1-and-tls-1-2-as-secure-protocols-on-winhttp


Yes, I have managed to get it running with a few modifications, but it completely breaks Internet Explorer. I was testing that to get mbedtls to run in WinXP instead of the native security protocol. It would be beneficial when mbedtls would support TLS 1.3; I guess then we would get real benefit. But yeah, it breaks IE. Ieframe.dll, schannel.dll, bcrypt.dll, mbedtls.dll: these files I have replaced.

1 hour ago, Raheem Jamali said:

> It would be beneficial when mbedtls would support TLS 1.3

With TLS 1.3, everything is much more complicated, even Windows 10 does not support it. Sites that have versions 1.2 and 1.3 open using version 1.2. And sites with only 1.3 on them do not open at all, displaying a secure connection error. You can check browser support for version TLS 1.3 on this site: https://tls13.1d.pw/


You're right, IE11 and Edge cannot connect to that site even on Windows 10.
Firefox 72 however, can.
:)

On 2/9/2020 at 12:48 AM, Dave-H said:

> You're right, IE11 and Edge cannot connect to that site even on Windows 10.
> Firefox 72 however, can.
> :)

And on Windows XP Serpent can open https://tls13.1d.pw/ too saying:

"Successfully connected TLS 1.3 OK;"

Unbelievable!

Edited by AstroSkipper
Correction
  • Like 1

10 hours ago, AstroSkipper said:

> And on Windows XP Serpent can open https://tls13.1d.pw/ too saying:
>
> "Successfully connected TLS 1.3 OK;"
>
> Unbelievable!

Browsers based on Firefox have their own OS-independent encryption engine. Therefore, in these browsers, even in Win 9x, it is technically possible to add support for TLS 1.3. Chrome-based browsers use system encryption, so even TLS 1.1 isn't there without a system update. But 360 Extreme Explorer made their own encryption engine, so it also supports TLS 1.3 in Win XP.


Websites that only support Chrome are a real dilemma for XP users because those versions of Chrome that will work under Windows do not have built-in support for cipher suites that include Elliptic Curve Digital Signature Algorithms (ECDS), and so have to fall back on system encryption libraries that XP does not have. However, there is no need to use ProxHTTPSProxyMII because 360 Extreme Explorer is a Chromium based browser with support for TLS 1.3 and cipher suites that include Elliptic Curve Digital Signature Algorithms. Here are the supported cipher suites for the website that always gives the ERR_SSL_VERSION_OR_CIPHER_MISMATCH message in Chrome under XP (https://www.aidanwoods.com/blog/faulty-login-pages/)

TLS_AES_128_GCM_SHA256
TLS_AES_256_GCM_SHA384
TLS_CHACHA20_POLY1305_SHA256
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
OLD_TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA

Here are the cipher suites supported by Advanced Chrome 54.20.6530.0 which, as you can see, only include the RSA Digital Signature Algorithms, so nothing matches.

TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256_OLD
TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256_OLD
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
TLS_DHE_RSA_WITH_AES_256_CBC_SHA
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
TLS_DHE_RSA_WITH_AES_128_CBC_SHA
TLS_RSA_WITH_AES_128_GCM_SHA256
TLS_RSA_WITH_AES_256_CBC_SHA
TLS_RSA_WITH_AES_128_CBC_SHA
TLS_RSA_WITH_3DES_EDE_CBC_SHA

Here are the cipher suites supported by 360 Extreme Explorer with those that match the supported cipher suites of the aidanwoods.com site highlighted in bold.

TLS_CHACHA20_POLY1305_SHA256
TLS_AES_128_GCM_SHA256
TLS_AES_256_GCM_SHA384
TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
TLS_RSA_WITH_AES_128_GCM_SHA256
TLS_RSA_WITH_AES_256_GCM_SHA384
TLS_RSA_WITH_AES_128_CBC_SHA
TLS_RSA_WITH_AES_256_CBC_SHA
TLS_RSA_WITH_3DES_EDE_CBC_SHA

From this I have concluded that I only have to replace Advanced Chrome with 360 Extreme Explorer on my XP machine and the problem is solved. Although browsing with 360 Extreme Explorer is not trouble-free, due to pages sometimes being displayed in Chinese and Russian, it is only the fallback option when MyPal fails to load a website.

Edited by Zorba the Geek
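
The cipher-suite comparison from the post above, worked through as an added example (not part of the original thread and not any poster's code). It assumes the listed order is the preference order and that `OLD_` / `_OLD` both mark the draft ChaCha20 suites; the function names are made up for illustration.

```python
import re

# Suite lists copied from the post above; order is assumed to be preference order.
SITE = """TLS_AES_128_GCM_SHA256 TLS_AES_256_GCM_SHA384 TLS_CHACHA20_POLY1305_SHA256
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 OLD_TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA""".split()
ADVANCED_CHROME = """TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256_OLD
TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256_OLD TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
TLS_DHE_RSA_WITH_AES_256_CBC_SHA TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
TLS_DHE_RSA_WITH_AES_128_CBC_SHA TLS_RSA_WITH_AES_128_GCM_SHA256
TLS_RSA_WITH_AES_256_CBC_SHA TLS_RSA_WITH_AES_128_CBC_SHA TLS_RSA_WITH_3DES_EDE_CBC_SHA""".split()
EXTREME_EXPLORER = """TLS_CHACHA20_POLY1305_SHA256 TLS_AES_128_GCM_SHA256 TLS_AES_256_GCM_SHA384
TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
TLS_RSA_WITH_AES_128_GCM_SHA256 TLS_RSA_WITH_AES_256_GCM_SHA384
TLS_RSA_WITH_AES_128_CBC_SHA TLS_RSA_WITH_AES_256_CBC_SHA TLS_RSA_WITH_3DES_EDE_CBC_SHA""".split()

def canon(name):
    """(standard name, is_draft): draft ChaCha20 suites never match the final RFC 7905 ones."""
    draft = name.startswith("OLD_") or name.endswith("_OLD")
    return re.sub(r"^OLD_|_OLD$", "", name), draft

def cert_type(name):
    """Certificate signature type the suite needs; TLS 1.3 names do not encode it ('any')."""
    base = canon(name)[0]
    if "_WITH_" not in base:
        return "any"
    return base[len("TLS_"):].split("_WITH_")[0].split("_")[-1]  # ECDHE_ECDSA -> ECDSA

def common(server, client):
    """Suites both sides support, in server order."""
    offered = {canon(c) for c in client}
    return [s for s in server if canon(s) in offered]

def negotiate(server, client):
    """Suite picked under server preference, or None when the handshake must fail."""
    shared = common(server, client)
    return shared[0] if shared else None

if __name__ == "__main__":
    print("site needs:", sorted({cert_type(s) for s in SITE}))
    for label, client in (("Advanced Chrome", ADVANCED_CHROME), ("360 Extreme Explorer", EXTREME_EXPLORER)):
        print(label, sorted({cert_type(c) for c in client}), "->", negotiate(SITE, client))
        print("   shared:", common(SITE, client))
```

A result of `None` is the case the browser reports as ERR_SSL_VERSION_OR_CIPHER_MISMATCH; a real server may order its preferences differently from the list shown in the post.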
