Jump to content

Problems accessing certain sites (Https aka TLS)


Recommended Posts

I think the problem is Chrome specific. It does not appear XP specific, it is an issue on campus under Windows 7 Enterprise. The ERES site at my university does not load files correctly under Chrome, it complains about headers.

The university posted a warning not to use Chrome to download the files. The files download without issue with IE and Firefox.

eres.jpg

eres2.jpg

Link to comment
Share on other sites


Opera 12.02 works on Win98 with KernelEx. But somewhere between 12.02 and 12.17 it quit working :(

You're right; Opera 12 has some problems with modern Web pages. Its Javascript is also rather slow. But I still like it better than the modern, Chromium-based versions.

Anyway, back to the topic: where can I get a Chrome 34 (or 35 or 36) offline installer? It seems to be much harder to find old versions of Chrome than other browsers ???
 

Link to comment
Share on other sites

3 minutes ago, Mathwiz said:

Opera 12.02 works on Win98 with KernelEx. But somewhere between 12.02 and 12.17 it quit working :(

You're right; Opera 12 has some problems with modern Web pages. Its Javascript is also rather slow. But I still like it better than the modern, Chromium-based versions.

Anyway, back to the topic: where can I get a Chrome 34 (or 35 or 36) offline installer? It seems to be much harder to find old versions of Chrome than other browsers ???
 

From back in February, 34.0.1847.37 is the final non-sse Chrome, the last to run on the Pentium III and Athlon XP: The last full installer still available on Google's servers is 34.0.1847.0: https://www.googleapis.com/download/storage/v1/b/chromium-browser-continuous/o/Win%2F251854%2Fchrome-win32.zip?generation=1392779695926000&alt=media

Link to comment
Share on other sites

Thanks! Is that a portable version? I noticed there's no .msi, setup.exe, etc.; but there is a Chrome.exe....

BTW, I made the mistake of actually reading the thread containing your original post. The last post on page 1 contains a link that appears to take you to a malware site! Be careful....
 

Link to comment
Share on other sites

4 hours ago, Mathwiz said:

Thanks! Is that a portable version? I noticed there's no .msi, setup.exe, etc.; but there is a Chrome.exe....

BTW, I made the mistake of actually reading the thread containing your original post. The last post on page 1 contains a link that appears to take you to a malware site! Be careful....
 

It does appear to be a "portable" version- in the sense there is no installer and you simply extract the ZIP and execute the chrome.exe

The executable even works on Windows 2000: it warns that Chrome is designed for XP but it still works on 2000.

Link to comment
Share on other sites

On Sunday, January 01, 2017 at 11:44 PM, sdfox7 said:

It does appear to be a "portable" version- in the sense there is no installer and you simply extract the ZIP and execute the chrome.exe

The executable even works on Windows 2000: it warns that Chrome is designed for XP but it still works on 2000.

Finally tried it. Its About page reports Chromium, Version 34.0.1847.0. Yet, I don't believe it uses XP's schannel.dll, at least not entirely:

  • It supports TLS 1.2, while IE8 (using the "stock" schannel.dll) doesn't
  • It is susceptible to the "Logjam" attack, while IE 8 isn't
  • It supports several ECC cipher suites, although not any of the cipher suites used by aidanwoods.com, unfortunately

Thus, I don't believe Chrome 34's security can be upgraded by replacing schannel.dll :(

Edit: BTW, although Chrome 34 doesn't use schannel.dll, it does use crypt32.dll; but I tried the ReactOS crypt32.dll (plus advapi32_vista.dll from ReactOS) and Chrome chrashed ;) with a missing export in crypt32.dll. So apparently the ReactOS crypt32.dll doesn't implement all the functions Chrome needs. So still no joy.

Looks like the OP needs a different approach. Are there any Chromium-based browsers built without SSE2 instructions? Are any open-source so they could be recompiled without SSE2?

Edited by Mathwiz
Link to comment
Share on other sites

1 hour ago, Mathwiz said:

Looks like the OP needs a different approach. Are there any Chromium-based browsers built without SSE2 instructions? Are any open-source so they could be recompiled without SSE2?

There is was a "disappeared" patch:

https://github.com/graysky2/chromium-no-sse2-patch

(404 now)

Via Wayback Machine:
http://web.archive.org/web/20150209003342/https://github.com/graysky2/chromium-no-sse2-patch

And seemingly a  fork:
https://github.com/bircoph/chromium-no-sse2-patch

itself pointing to a MIA resource on ArchLinux (pointing back to the graysky2 one above)

http://web.archive.org/web/20140910041820/https://aur.archlinux.org/packages/chromium-no-sse2/

 

thestig at chromium.org must be a very nice guy :whistle::

https://bugs.chromium.org/p/chromium/issues/detail?id=400842

Quote

Comment 12 by thestig@chromium.org,  Mar 27 2015 Status: WontFix

If you really want to build Chromium without SSE2, you are welcome to apply your own patches and build your own browser however you like, but the Chromium project is not accepting patches to build without SSE2. Thus I'm closing this bug.

More or less (not actually news) noone actually cares about people with less powerful or slightly old machines :(, as a matter of fact a lot of people seems actively engaged in attempting to force them to upgrade...

jaclaz



 

Edited by jaclaz
Link to comment
Share on other sites

Well, one may fight just so many wars at the same time... so, for the record,  I've decommissioned all of my 5, otherwise perfectly working, Athlon XP Barton machines, because of their non-SSE2 nature. And that led me to give up on 9x/ME, too, after so long. I decided to concentrate on running XP till the end of time, because I clearly don't have the energy or the patience for keeping the fight on three fronts, and I see 9x/ME as an already lost and non-SSE2 as a loosing game. This is my opinion only, it applies to my own case only, and YMMV, of course, but I thought I might as well say it here, just for the record, for those who hadn't guessed it yet.

Link to comment
Share on other sites

The portable version of Opera 12.18 is giving me the follow error at startup, but has zero missing dependencies on Win 98se.

Startup error


Opera has failed to access or upgrade your profile. This may have occurred because your computer has insufficient resources available or because some files are locked by other applications. You may have to restart your computer before Opera will start again.
[ OK ]



Edited by jumper
new testing results
Link to comment
Share on other sites

Believe it or not, I think I found a solution to this vexing problem: how can we use older browsers with https-secured Web sites that use newer security features than the browser does?

The solution I found is a proxy server that performs an intentional MITM (man-in-the-middle) attack on the browser. Obviously that's a security risk, but since everything is running on one machine, the risk is minimal as long as this software properly validates certificates. It's free and can be found here: http://www.proxfilter.net/proxhttpsproxy/. (There's a picture there that explains it better than I can.) I tested it today on my XP VM, and was able to access that aidanwoods.com site with Chrome 34!

It was written so the popular Web-filtering proxy server Proxomitron (used to remove ads, etc., from Web pages) could be used with secure sites, but with a simple configuration change, I confirmed it will run without Proxomitron or any other filtering proxy.

You'll need a recent version of OpenSSL too. I tested 1.0.2j and it worked, so Ninho should be all set for now. As newer cipher suites become popular on the Web, you'll need to update OpenSSL to keep up, but that shouldn't be a problem. Edit: Turns out you only need OpenSSL for the Python version (as well as Python, naturally); everything is already built into the .exe version at the link above. (If you want the Python version or just want to look at the code, the link is at http://prxbx.com/forums/attachment.php?aid=998.)

I think this will work even as far back as Windows 98, but it may be this weekend before I can test it on my Win 98 non-SSE2 system. Once I've done that, I'll post more detailed instructions here and in the Win 98 forum.

 

Edited by Mathwiz
Link to comment
Share on other sites

Well it sounds "just right" :thumbup as an approach, and I would not consider it a MITM "attack", it is just a proxy, and you could also in theory dedicated a local machine (real or virtual) to it.

jaclaz 
 

Link to comment
Share on other sites

Great find, @Mathwiz ! It's actually many many yrs since I've not used the Proxomitron but it's still present and runnable on this system. However after a glance at the proxhttps page it seems like it needs many elements in addition to the proxo (openssl, python) which altogether might hide a few roadblocks - or not. I'll report back when I've had time to actually install and try that thing on my system... 

Postscript : I'm seeing on their forum that I should meet (major?) complications when installing and configuring proxhttps owing to the fact that my Windows XP (nor Seven) "boot" disks are not "C:". Oh well... Life wouldn't be life without complications, would it ?

Link to comment
Share on other sites

@jaclaz;

True, it's not really an "attack;" it uses the same approach as an MITM attack, but it's not doing anything underhanded. And the source code is available; I edited my post above to provide a link to it.

@Ninho;

Turns out you don't need OpenSSL (or Python) after all; if you download the .exe version, everything is already built-in. (I wondered why the .exe was so big!) I edited my post above accordingly.

Edit: Probably the biggest maintenance headache will be keeping the root certificates in the cacert.pem file updated. Edit 2: One way to deal with that would be to schedule a command like "curl --remote-name --time-cond cacert.pem --cacert cacert.pem https://curl.haxx.se/ca/cacert.pem" to run monthly (that site keeps a current extract of Mozilla's trusted certificate list at that URL).
 

Edited by Mathwiz
Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...