apreese16 Posted February 3, 2018 Author Posted February 3, 2018 Thanks everyone! I dont have access to my computer right now but tomorrow i will make sure to look into your suggestions.
apreese16 Posted February 5, 2018 Author Posted February 5, 2018 when I try to delete the registry entry, it gives an error saying "cannot delete PosReady: Error while deleting key" HELP!
dencorso Posted February 5, 2018 Posted February 5, 2018 If you had read the thread here you'd know that already and also how to solve it. But you really don't need to remove the POSReady hack. What you need is to follow the help you've already been given.
Destro Posted February 5, 2018 Posted February 5, 2018 Yeah you don't need to delete it, but if you wanted to delete it, you can only delete it, with offline registry modification. It's advanced, in that I think the average user cannot do this but I don't think it is hard to load a registry hive into another OS like by using winpe boot cd or somthing editing it and unloading it. you don't need to do this you just need to read the help people already gave you.
apreese16 Posted February 5, 2018 Author Posted February 5, 2018 UPDATE: OK, so the updates finally loaded, (after 45 minutes that is, I let it keep loading while watching the super bowl) Updates are now installing, after restart Ill let you all know if I can get tls 1.1 and 1.2 to work. And yes I read through and took the advice given to me by everyone, I just was trying to delete it because I wasn't sure if it would cause other problems with my computer. I wouldn't ignore peoples advice, and that advice was super helpful. Thanks everyone! another update soon.
apreese16 Posted February 5, 2018 Author Posted February 5, 2018 tls 1.1 and 1.2 working! Wikipedia works! The only things is that they don't show up in "advanced"
Guest Posted February 5, 2018 Posted February 5, 2018 Can you enter the procedure you followed to get this result? TH. Can you open the website below? https://www.inail.it/cs/internet/home.html
roytam1 Posted February 5, 2018 Posted February 5, 2018 the biggest issue is that, TLS SNI is missing in XP.
apreese16 Posted February 5, 2018 Author Posted February 5, 2018 11 hours ago, Sampei.Nihira said: Can you enter the procedure you followed to get this result? TH. Can you open the website below? https://www.inail.it/cs/internet/home.html Just read all the way through page 1. And no I cant open that page, it just keeps loading forever.
VistaLover Posted February 6, 2018 Posted February 6, 2018 (edited) Some interesting articles people here should read: https://github.com/client9/sslassert/wiki/IE-Supported-Cipher-Suites https://blogs.msdn.microsoft.com/kaushal/2011/10/02/support-for-ssltls-protocols-on-windows/ https://msdn.microsoft.com/en-us/library/windows/desktop/aa374757(v=vs.85).aspx for XP: https://msdn.microsoft.com/en-us/library/windows/desktop/aa380512(v=vs.85).aspx https://msdn.microsoft.com/en-us/library/windows/desktop/aa380124(v=vs.85).aspx (though SSL2/3 should be disabled due to deprecation/vulnerabilities...) In addition to ECC & SNI missing in XP, that others have already mentioned in this thread, recent cipher suites used in TLS 1.1+ are also missing... On 5/2/2018 at 3:48 PM, Sampei.Nihira said: Can you open the website below? https://www.inail.it/cs/internet/home.html That site uses TLS 1.2, TLS_RSA_WITH_AES_256_CBC_SHA256 (suite unavailable in XP); it does open fine in Vista's IE9 with the addition of TLS 1.2 support; likewise, the following site https://mpv.srsfckn.biz/ won't open even in IE9 on Vista, because, in addition to TLS 1.2 and SNI (which IE9 on Vista does support), it requires any of the following missing suites: TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 (0xcca9) TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 (0xc02c) TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 (0xc024) TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 (0xc02b) (source: Qualys SSL Labs - SSL Server Test) On 5/2/2018 at 2:47 PM, apreese16 said: tls 1.1 and 1.2 working! Wikipedia works! The only things is that they don't show up in "advanced" OTOH, @dencorso posted here that they do for him: On 1/2/2018 at 3:41 PM, dencorso said: I mean, at least the Advanced Settings tick boxes for TLS 1.1 and 1.2 do appear as advertised. I don't have XP to test, but have you deleted the "OSVersion" subkeys in HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\CRYPTO\TLS1.1 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\CRYPTO\TLS1.2 ? What would be indeed awesome is for someone to devise a way to add to the system (schannel) missing cipher suites... Edited February 7, 2018 by VistaLover Further clarifications about mpv.srsfckn.biz host
apreese16 Posted February 6, 2018 Author Posted February 6, 2018 9 hours ago, VistaLover said: Some interesting articles people here should read: https://github.com/client9/sslassert/wiki/IE-Supported-Cipher-Suites https://blogs.msdn.microsoft.com/kaushal/2011/10/02/support-for-ssltls-protocols-on-windows/ https://msdn.microsoft.com/en-us/library/windows/desktop/aa374757(v=vs.85).aspx for XP: https://msdn.microsoft.com/en-us/library/windows/desktop/aa380512(v=vs.85).aspx https://msdn.microsoft.com/en-us/library/windows/desktop/aa380124(v=vs.85).aspx (though SSL2/3 should be disabled due to deprecation/vulnerabilities...) In addition to ECC & SNI missing in XP, that others have already mentioned in this thread, recent cipher suites used in TLS 1.1+ are also missing... That site uses TLS 1.2, TLS_RSA_WITH_AES_256_CBC_SHA256 (suite unavailable in XP); it does open fine in Vista's IE9 with the addition of TLS 1.2 support; likewise, the following site https://mpv.srsfckn.biz/ won't open even in IE9 on Vista, because, in addition to TLS 1.2, it requires the following missing suite: TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 OTOH, @dencorso posted here that they do for him: I don't have XP to test, but have you deleted the "OSVersion" subkeys in HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\CRYPTO\TLS1.1 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\CRYPTO\TLS1.2 ? What would be indeed awesome is for someone to devise a way to add to the system (schannel) missing cipher suites... Nope, both sub keys are there And thanks for those articles!
bphlpt Posted February 7, 2018 Posted February 7, 2018 @apreese16, 1 hour ago, apreese16 said: Nope, both sub keys are there Well, in @dencorso's post here, originally posted by @VistaLover here: Quote 3. After restart, launch the Registry Editor (regedit), preferably as Administrator. 4. Navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\CRYPTO\TLS1.1 5. Delete the "OSVersion"="3.6.1.0.0" subkey; BTW, I don't know which WinOS that string refers to (Win6.1=Win7) 6. Navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\CRYPTO\TLS1.2 7. Again, delete the "OSVersion"="3.6.1.0.0" subkey. Exit Registry Editor. That might, or might not, make them show up in "advanced", possibly after another restart. No offense, but from reading this entire thread, it seems that you need to read and follow instructions more carefully. Cheers and Regards 1
apreese16 Posted February 7, 2018 Author Posted February 7, 2018 That actually worked! I thought dencorso meant that was for vista only. Sorry! @dencorso I feel really stupid...
ScarletWavez Posted February 8, 2018 Posted February 8, 2018 I always thought IE 8 was aesthetically better than other browsers so it seems a good idea to do this
dencorso Posted February 8, 2018 Posted February 8, 2018 @apreese16: Don't! I reckon I've been terser than needed, of late. Sorry! Then again, all is well that ends well!
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now