Jump to content

Upgrading IE8 to TLS 1.2

Thomas S.

By Thomas S.
in Windows XP

 Share

Recommended Posts

user57

user57

Posted
Posted (edited)
On 6/9/2018 at 10:00 PM, Yellow Horror said:

You need to modify registry settings you mentioned above to enable TLS 1.1/1.2 checkboxes in IE settings. You may set the values to 3.5.1.0.0 or delete them - both way work. I don't know if there is an official source for this.

Yes. If kb4019276 isn't installed, you can "enable" the TLS 1.1/1.2 in IE settings, but it will not really work.

here is why the registry entrys might create the so called checkbox for "TLS 1.2/1.2" 

but the algo/keys are not just some entrys that are shown to the internet explorer

 

that KB4019276 has dssenh.dll, ksecdd.sys, lsasrv.dll, rsaenh.dll, schannel.dll, secur32.dll

those are crypto files and TLS is crypto/algo/hash/checksum/sig

those are probaly the core of TLS 1.1/1.2 

 

there are 3 upgrades i found posted on this forum  kb4316682(14.05.2018), kb4230450 (30.05.2018),  kb4493435 (15.03.2019)

in the microsoft catalog they are listened as "internet explorer 8 upgrade/security upgrade" to me these 3 seems to upgrade the IE8 

therefore the IE8 has to be installed before these can be installed, it raise questions if these are for tls 1.1/1.2

and if so it raise the question if not just the newer one can be installed 

 

kb942288 is listened as security upgrade however the files tells us something else to me msiexec.exe seems to be a automatic installer (aka .msi installer files)

because the microsoft installer works like this "msiexec.exe /i "C:\example.msi"" 

 

 

 

kb4467770 only includes winhttp.dll 

winhttp is an interface 

https://learn.microsoft.com/en-us/windows/win32/winhttp/about-winhttp

it actually names "WinHTTP 5.1: Supported SSL protocols include the following: SSL 2.0, SSL 3.0, and Transport Layer Security (TLS) 1.0"

but says nothing about TLS 1.1/1.2

 

it would be good to know if this winhttp.dll/interface is needed or not 

i do not know this web interface but i know it is doing the HTTP request 

however i do not know if the older versions of this interface can work independent of TLS 1.1/1.2 or not (aka if this winhttp.dll is a necessary relation to TLS 1.1/1.2)

it would however tell a possible bond how the IE8 was connected to the crypto modules (dependency walker however do not find any loads regarding the named crypto modules)

 

 

i would be happy if some more knowledge comes out regarding these things

Edited by user57

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...