Jump to content
Strawberry Orange Banana Lime Leaf Slate Sky Blueberry Grape Watermelon Chocolate Marble
Strawberry Orange Banana Lime Leaf Slate Sky Blueberry Grape Watermelon Chocolate Marble

MSFN is made available via donations, subscriptions and advertising revenue. The use of ad-blocking software hurts the site. Please disable ad-blocking software or set an exception for MSFN. Alternatively, register and become a site sponsor/subscriber and ads will be disabled automatically. 


Sign in to follow this  
winxpi

Http and the forced https pages issues(sites wont load)

Recommended Posts

Posted (edited)

Seems Im not the only person with Windows 9x facing issues that pages especially the https ones wont open on either firefox and or Opera 12.

But it does seem that not only that more and more pages by default use https:// at the beginning of their urls they also disallow to open in http:// (port 80) so forcing https to be used in the users browsers.

Thats an issue for Windows 9x users (and maybe also 2000?) since not all browsers really have the support for Http/2 (or h/2) and especially Windows 9x lacks support of this.

This issue is bigger than the one that youtube wont support flash anymore (and most pages by 2020) because even if your hardware supports this it probably wont support h/2.

You could argue that Firefox and Opera partly had SPDY support, but the versions most pages use are not pure http/2 and in others cases spdy/3.1 (none of both have support for any Windows 9x browser so far I know).
That also means that probably if this trend continues one day just a few webpages will be possible to run under Windows 95, Windows 98, Windows ME without extra help of lets say proxies or similiar.
What I find interesting: Some https websites will load with no issues, but most I know wont open at all and will just give you an message that the page cannot be reached or is not available.

This is annoying, we cant do much about this I think. But if someone has experiences like if this is TLS related and so one, you can share this info here.

 

Edited by winxpi
  • Like 1

Share this post


Link to post
Share on other sites

Unsupported cyphers or supported cyphers with unsupported key lengths are the problem with some https sites. The solution is to use an MITM proxy. See this post for the only working solution I know:


 

Share this post


Link to post
Share on other sites

Yes, more and more pages won't open on either Firefox 9.0.1 and or Opera 12 anymore. But I can still open the most and there are only a few I can't. The best experience I have by activating of TLS 1.0 and TLS 1.2 for Opera. Sometimes I must check TLS 1.1, too. Generally FF 9.0.1 seems to be increasingly the better choice.

Loblo, I want to deal with your solution soon.
 

Share this post


Link to post
Share on other sites
Posted (edited)

@Schwups

This is a post I can more relate too, since I tested the browsers mentioned and used no addditional programs.

Did you have the feeling that TLS 1.2 really did work on Windows ME (or whatever systems you tested on)?

I recently found an possibility to actually use "Opera mini" but an very old version. however they say it was updated in 2014 (whats not so old). But dont except the best browser ever (just because its two years fresher). You might open a few news pages images and best in case of text related stuff but its not good to watch flash or html5 or any video(dont have to high hopes).
Also I couldnt yet find out if e-mailing works, but I think in worst-case one might use a mailing software like somebody once suggested.

https://dev.opera.com/articles/installing-opera-mini-on-your-computer/

If you want to do the regular stuff Opera 12 and the Firefox 9 version you mentioned are probably the best there is (maybe palemoon works better dont know all browser).

Back to your post: I however must say I didnt really feel there was much difference using TLS 1.0, TLS 1.1 and or TLS 1.2 on Opera 12.

Also I wonder why Firefox sometimes was more reliable in opening some pages like outlook.com mail page, and Opera would sometimes be "bitchy" about this (working one day the other time not). 

From my understanding it all has to do with H2 and the different configuration of the webservers. I dont know why hotmail seems to be a page that will sometimes allow login (or loading the page) and sometimes wont (maybe they decide to use different servers or whatever) but http/2.0 (or better said the complete usage of https urls instead of the former http 1.1) is not a thing that Windows 9x can take benefit of since the latest browsers that supported Windows 9x where only none, experimental or partially SPDY support. Ofcourse this would be different if there was such a browser supporting full h/2 or atleast SPDY 3.1 (since some pages still use it) on the 9x and or Windows 2000 operating systems.

I wonder more (than the speed) why some pages will not open and some will. Because its not like every https isnt working. Its just some. Maybe also the role of javascript shouldn be underestimated, since my smartphone also sometimes loads heavy using JS pages slow but when I temporary disable JS the residual page gets loaded just a few moments later.

But in case of https I think its also the outdated certificates, from which I dont know alot of and this was also the main reason to open this topic, I wonder if someone tested updating the certificates either on  browser for a Windows 9x machine and then could load more pages than before.
 

Edited by winxpi

Share this post


Link to post
Share on other sites

As I said in my previous post, most https pages not loading are due to unsupported cyphers or unsupported key lengths for supported cyphers. There are no other issues AFAIK, certificates certainly aren't one and fiddling with TLS settings won't help for those issues, and there is only one local solution which is using an MITM proxy supporting those cyphers and/or key lengths on your machine and configure your browsers to use it. Another, non-local, solution is to use proxy websites working OK with Opera12/Firefox 8/9.

 

Currently Burp Suite works but it is going to fail too some day when Java 7 will be obsolete on that front. Ideally, what is needed is an MITM proxy that is as capable and adaptive as Burp Suite but is using the OpenSSL libraries instead of Java cryptography.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

Sign in to follow this  

  • Recently Browsing   0 members

    No registered users viewing this page.

×