FranceBB

TLS1.3, XP and Firefox


It's summer 2018 and TLS 1.3 is just round the corner, as it seems websites are slowly beginning to adopt the new standard, yet our beloved XP still struggles to fully support TLS1.2 due to the lack of ECC, which will hopefully be added in the near future with a monthly update.

So far, we have been relying on Advanced Chrome to get Chrome 54 (and I spoof my Chrome like so "chrome.exe" --user-agent="Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/68.0.3440.70 Safari/537.36"), but unfortunately it uses crypto.dll which doesn't support ECC (yet). So far, the solution was to simply open Firefox to visit the sites that required ECC, but now that TLS1.3 is gonna be deployed, we might be in trouble.

I tested my browser using https://www.ssllabs.com/ssltest/viewMyClient.html and it shows TLS1.2 on both Chrome and Firefox, however, I did remember that Firefox started introducing TLS1.3 as beta first and as silent update later, leaving it disabled for normal users, so I crossed my fingers and I tried to turn it on in my Firefox 52 ESR.

To do so, I changed the security.tls.version.max setting from "3" to "4" in about:config, then I closed it, opened it again and I did the TLS test again without luck.

It seems that TLS1.3 has been included in later versions of Firefox, which leads me to the question: what should we do now?

Edited by FranceBB


And yet, changing security.tls.version.max to 4, closing and reopening FF 52 esr does work... :yes:
I don't understand why it didn't work for you (notice that I'm spoofing the NT version as 6.1, however, if that makes any difference). :dubbio:

TLS1.3.GIF


@dencorso... that's weird. I'm gonna try again and I'm gonna reboot my pc this time. Perhaps it didn't update the settings for whatever reason, or perhaps it was just the cache.

Anyway, I contacted Microsoft and I have very good news:

Screenshot:

3CAwJiP.png

Full Chat:

Quote

Frank:
A year ago, you announced support for TLS 1.1 and TLS 1.2 in Windows
Embedded POSReady 2009, however it's mid-2018 now and TLS1.3 is just round
the corner and it will be the next standard for quite some time. It would be
really useful to add support for TLS1.3 as well and I think I'm not the only
customer that would like to see it supported. Are you already working on it? If
not, will you add support for TLS1.3 in the future? Will you at least consider
adding it? Thank you in advance.

Mary:
Thanks for contacting Microsoft support, my name is MaryRose I. Please allow
me a few moments while I review the information you provided.

Mary:
Hello there :)

Frank:
Hi :)

Mary:
I do understand that a lot of you are looking forward for that specific support,
however, Microsoft is still planning this kind of support that can help you on
different issues involved. :)
But technically, we are working on that one...

Mary:
However, we do not have specific dates on when but all I can say is that yes,
Microsoft is working on it. :)

Frank:
Perfect! That's great! Even just knowing that you are working on it is great
news!

Mary:
Please bear with us about this and thank you so much, we do appreciate it.

Mary:
But right now, since it does not have yet the support, this kind of issue will fall
under our pro support.

Mary:
Pro support team is open Pacific time 8:30 am to 5:30 pm, Monday to Friday:
CALL 18006427676 and select option for PRO SUPPORT :)

Mary:
But about your request and other loyal customer, we are currently working on it
:)

Frank:
Perfect. Thank you. I think that's about it. I'm gonna end the chat now. ;)

Mary:
Take care.

Edited by FranceBB
55 minutes ago, FranceBB said:

that's weird. I'm gonna try again and I'm gonna reboot my pc this time. Perhaps it didn't update the settings for whatever reason, or perhaps it was just the cache.

Try completely uninstalling Avast. Just disabling it probably doesn't help but uninstalling should do the trick. TLS 1.3 draft is perfectly working in FF 52.9.0 ESR for me too. :yes:


Just adding that I too have modified security.tls.version.max to 4 and have positive results using Firefox ESR 52.9.0

Screen.JPG.ed36ec94d4617dcea3f703959ae05a8e.JPG


@FranceBB

Under Windows XP, which can not compete with modern encryption technologies, Avast can only control what Windows XP supports for HTTPS connections, meaning that every HTTPS web page is blocked where it is not verifiable. For this reason, you should deactivate the HTTPS scanning function in the Web Protection component of Avast!

:)

Edited by heinoganda
16 hours ago, FranceBB said:

@dencorso... that's weird. I'm gonna try again and I'm gonna reboot my pc this time. Perhaps it didn't update the settings for whatever reason, or perhaps it was just the cache.

Anyway, I contacted Microsoft and I have very good news:

Screenshot:

3CAwJiP.png

Full Chat:

I think you should ask about the oleaut32 issue at this moment as well :)

18 hours ago, Bersaglio said:

k. TLS 1.3 draft is perfectly working in FF 52.9.0 ESR for me too

I see...

I created a file with the Avast Support Tool and I'm gonna submit it to Avast to report that TLS1.3 is not working.

I'm also gonna report it in the beta forum.

 

@roytam1... I asked it months ago to the regular support and they submitted my enquiry to the specific technical team, but I wasn't able to speak directly with them 'cause I don't have Microsoft Premium Support nor Microsoft Pro Support, so they probably read my enquiry - which was basically filled with the information collected in this forum - but they never replied.

On 8/14/2018 at 12:20 PM, FranceBB said:

It seems that TLS1.3 has been included in later versions of Firefox, which leads me to the question: what should we do now? 

Use Basilisk 52/55:

 

On 8/14/2018 at 5:10 PM, heinoganda said:

@FranceBB

Under Windows XP, which can not compete with modern encryption technologies, Avast can only control what Windows XP supports for HTTPS connections, meaning that every HTTPS web page is blocked where it is not verifiable. For this reason, you should deactivate the HTTPS scanning function in the Web Protection component of Avast!

:)

Filip Braun from the Avast Team is now working on it.

On 8/17/2018 at 1:05 AM, ED_Sln said:

Use Basilisk 52/55:

 

 

On 8/15/2018 at 7:21 PM, MaterSystem said:

You can use New Moon 28 instead

Both Firefox 52 ESR, New Moon, and Basilisk still use Draft version of TLS 1.3.

The RFC version of TLS 1.3 has just landed in NSS, time to test it.

2 hours ago, roytam1 said:

Both Firefox 52 ESR, New Moon, and Basilisk still use Draft version of TLS 1.3.

The RFC version of TLS 1.3 has just landed in NSS, time to test it.

made some test builds:

 

15 hours ago, roytam1 said:

 

Both Firefox 52 ESR, New Moon, and Basilisk still use Draft version of TLS 1.3.

The RFC version of TLS 1.3 has just landed in NSS, time to test it.

Yes.

Usually Draft 18.

______________________________________________

Also Chrome 68.x uses Draft 23 as default.

To enable Draft 28, the final version, you need to make the change below:

2KMEi.jpg

 

Edited by Sampei.Nihira
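
Added example, not written by any poster in this thread: the drafts discussed above can be told apart on the wire, because a ClientHello lists the versions it offers in the supported_versions extension, where 0x7fNN means TLS 1.3 draft NN and 0x0304 is the final RFC 8446 version. The Python below parses that list from a ClientHello record; `build_sample_hello` and the bytes it produces are constructed for the demo, not captured traffic.

```python
import struct

SUPPORTED_VERSIONS = 43  # extension type that carries the client's version list
NAMES = {0x0301: "TLS 1.0", 0x0302: "TLS 1.1", 0x0303: "TLS 1.2",
         0x0304: "TLS 1.3 (RFC 8446)"}

def version_name(code):
    """Name a version code point; 0x7fNN is TLS 1.3 draft NN."""
    if code >> 8 == 0x7F:
        return "TLS 1.3 draft %d" % (code & 0xFF)
    return NAMES.get(code, "unknown 0x%04x" % code)

def is_grease(code):
    """GREASE placeholders (0x0a0a, 0x1a1a, ...) are not real versions."""
    return (code & 0x0F0F) == 0x0A0A and (code >> 8) == (code & 0xFF)

def offered_versions(record):
    """List the TLS versions a ClientHello record offers, in client order."""
    if len(record) < 44 or record[0] != 0x16 or record[5] != 0x01:
        raise ValueError("not a handshake record carrying a ClientHello")
    pos = 9                                    # skip record (5) + handshake (4) headers
    legacy = struct.unpack_from("!H", record, pos)[0]
    pos += 2 + 32                              # legacy_version + random
    pos += 1 + record[pos]                     # session_id
    pos += 2 + struct.unpack_from("!H", record, pos)[0]  # cipher_suites
    pos += 1 + record[pos]                     # compression_methods
    if pos + 2 <= len(record):                 # extensions block present
        end = pos + 2 + struct.unpack_from("!H", record, pos)[0]
        pos += 2
        while pos + 4 <= end:
            ext_type, ext_len = struct.unpack_from("!HH", record, pos)
            if ext_type == SUPPORTED_VERSIONS:
                count = record[pos + 4] // 2   # one-byte list length, two bytes each
                codes = struct.unpack_from("!%dH" % count, record, pos + 5)
                return [version_name(c) for c in codes if not is_grease(c)]
            pos += 4 + ext_len
    return [version_name(legacy)]              # pre-1.3 client: only legacy_version

def build_sample_hello(versions):
    """Constructed ClientHello for the demo; not captured traffic."""
    sv = bytes([2 * len(versions)]) + struct.pack("!%dH" % len(versions), *versions)
    exts = struct.pack("!HHB", 0xFF01, 1, 0)   # unrelated extension, to be skipped
    exts += struct.pack("!HH", SUPPORTED_VERSIONS, len(sv)) + sv
    body = b"\x03\x03" + bytes(32) + b"\x00" + b"\x00\x02\x13\x01" + b"\x01\x00"
    body += struct.pack("!H", len(exts)) + exts
    hs = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs

if __name__ == "__main__":
    print(offered_versions(build_sample_hello([0x7F12, 0x0303])))
    print(offered_versions(build_sample_hello([0x2A2A, 0x7F1C, 0x7F17, 0x0303])))
```

A client that offers only a draft code point and a server that accepts only 0x0304 (or a different draft) have no TLS 1.3 version in common, so they negotiate TLS 1.2 or lower.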
