Jump to content

Problems accessing certain sites (Https aka TLS)


Recommended Posts

@Thomas S.

cffi==                  1.11.2 > 1.11.5
cryptography== 2.1.4   > 2.2.2
packaging==      16.8    > 17.1
pyasn1==           0.4.2   > 0.4.3
pyOpenSSL==    17.5.0 > 18.0.0
urllib3==            1.22    > 1.23

:)

Edited by heinoganda
Link to comment
Share on other sites


  • 2 months later...

Has anybody tried opening https://androidfrog.com on chrome or ie? Has anybody heard that Microsoft released TLS 1.1 and TLS 1.2 less than a year ago for windows xp posready?

Guess what? It does not work. Totally useless. Cipher suites and encryption algothitms come together of course, as all their system files are replaced. I verified that my are replace really.

But does not improve anything. I tried installing both on normal xp sp3 pro x86 + all automatic updates (about 140 of them), and xp posready 2009 + all automatic updates (about 300 of them). Done registry changes as suggested by microsoft including generating my key and folders for those keys in regedit. Nothing again. Looks like they are lieing.

https://cloudblogs.microsoft.com/microsoftsecure/2017/10/05/announcing-support-for-tls-1-1-and-tls-1-2-in-xp-posready-2009/

https://blogs.msdn.microsoft.com/windows-embedded/2017/10/10/announcing-support-for-tls-1-1-and-tls-1-2-in-windows-embedded-standard-2009-and-windows-embedded-posready-2009/

And did you know that internet download manager (IDM) and free download manager (FDM) have https problems too? But internet download accelerator (IDA) has not.

That tutorial from idm is fake or useless, does not work, after i contacted them they say only i am complaining, and it works for rest of world.

http://www.internetdownloadmanager.com/support/xp-https-problems.html

Link to comment
Share on other sites

About the topic that in Google Chrome various encrypted websites can not be opened with the error message ERR_SSL_VERSION_OR_CIPHER_MISMATCH has been discussed many times in the forum. This is because Google Chrome accesses the certificates of Windows XP where ECC certificates can not be processed and stored in the certificate management of Windows XP. Therefore, my offer for a local HTTPS Proxy with which these web pages can be opened. (If interested, send me a PM.)
Meanwhile, IE8 also supports TLS 1.2.

ecccheck.jpg

ecccheck2.jpg

:)

Edited by heinoganda
Link to comment
Share on other sites

1 hour ago, siria said:

Not chrome or IE here, but androidfrog.com can't be using TLS1.2.
That page looks quite normal in KM1.6 (=FF3.5), with max SSL3. My useragent is IE7 at the moment.

It says it is tls 1.2 when i click that green padlock left of url field in firefox. In chrome it doesn't work. Oddly, when I set min and max tls version to 0 which is ssl3 in firefox, it still shows tls1.2. Looks like I can't test in firefox lower cipher suite.  Even after restarting browser or using incognito.

Link to comment
Share on other sites

Thanks, works like a charm! And I know how to work with proxy, and I do not need this for firefox but only chrome, because firefox last for xp (52.9.0 esr) has all cipher suites and alghoritms, so i choose its proxy as none instead of system proxy. Also best of all since I have extension for chrome proxy switch omega, it allows me to only redirect chrome through your proxy without interference of other apps. I always thought something like this may work if proxy supports those some https sites, so i thought proxomitron or burpsuite or charles proxy could be used, but never tried them. But your apps anyway wastes much less memory, hdd, cpu, so is real solution. And you can use proxy switch omega as "offline" switch for chrome, by adding proxy like 0.0.0.0 as proxy and making it auto switch shortcut, so just one button click for offline mode. Maybe now I will use chrome again instead of firefox, because main reason for transition was inability of some https websites. Also looks like now I will be able to use internetdownloadmanager again, and actually all apps!!!

One more problem, flux application doesn't work in xp, it says in your app window: "[SSL: UNKNOWN_PROTOCOL] unknown protocol (_ssl.c:600)" while trying to establish local SSL tunnel for [justgetflux.com:443]

 

It displayed this even before using your app. Should I update internet explorer or you your app?

a.JPG

Edited by nijazx86
Link to comment
Share on other sites

With the program f.lux is called in the attitude of the locatian over the IE Google maps, which in the IE7 / 8 no longer functions. Quit ProxHTTPSProxy, start "ProxHTTPSProxy_PSwitch.exe" and quit ProxHTTPSProxy again. This will reset the proxy settings to the former settings of the IE. If you're using a proxy switch (127.0.0.1:8079) on Chrome, then "ProxHTTPSProxy.exe" should be used to start ProxHTTPSProxy.

:)

Link to comment
Share on other sites

Google Maps that is no longer working with older IE is called at f.lux location, there is no other standard browser because f.lux always works on the existing IE. :no:

Reset the proxy settings from the system (IE) if quit ProxHTTPSProxy, start "ProxHTTPSProxy_PSwitch.exe" and quit ProxHTTPSProxy again did not work!

:)

Edited by heinoganda
Link to comment
Share on other sites

Oh i tried opening any other page it didn't work, gave same error. But when I installed ie8 it finally worked. Not the flux, but didn't give error messages in your app, and other websites work, and shows error message about google maps in flux. Now it is ok. I will install win7 on usb or another partition just to get flux registry or files settings for my area, then copy them to xp flux data. Luckily I know how to do that. You program is ok anyway. I thought nobody will ever solve windows xp https, but you solved. Thanks again! Now can enjoy all websites and apps, almost all.

And I am aware that now error in flux has nothing to do with https or your app, but simply interent explorer is too bad. That's why normally i would never use it, but chrome. Also other 3rd party browsers like slimjet, advanced chrome...besides firefox which has not https problems even without your app.

Edited by nijazx86
Link to comment
Share on other sites

  • 2 weeks later...

Reading this thread seems a pain.
From what I can tell, the only working solution so far is to proxy the problematic pages, since XP's TLS 1.1 and 1.2 support is ugh, because of it not being updated to accept ECC certs, or use a good browser that isn't Chromium-based.

Is this true or is there any update to the initial part of the thread, where ReactOS was tested? I don't have another PC and really don't have the time at the moment to setup a VM on this netbook of XP, it seems... pointless for me to do so, to say the least, at least for my opinion.

(Sorry, I'm not good at reading entire threads, I tend to read what's at the beginning and end only, usually they help me out more often than not)

Edited by SRainharp
Link to comment
Share on other sites

Yes, Microsoft introduced TLS1.2 support in XP, but ECC certificates can't be stored so it ends up with a mismatch and it doesn't work. Firefox 52.9 ESR supports TLS1.3 but you have to enable it as it's disabled by default 

 

Microsoft support also said that they are working on TLS1.3, so hopefully crypto.dll will be updated in the near future. Heinoganda did a really good job with his proxy: I have been using it in the past and it was really useful, but I stopped using it mainly because I still use XP to do home-banking and access to my investments and I don't know who owns the server. Of course, traffic still goes through HTTPS so it's supposed to be encrypted, but still...

Edited by FranceBB
Link to comment
Share on other sites

10 hours ago, FranceBB said:

mainly because I still use XP to do home-banking and access to my investments and I don't know who owns the server. Of course, traffic still goes through HTTPS so it's supposed to be encrypted, but still...

Why are you doing home-banking over XP? I'd use XP for anything but that tbh, and I'm an ardent supporter of that 17-years-old OS...

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...