FranceBB
Posted August 14, 2018 (edited)

It's summer 2018 and TLS 1.3 is just round the corner, as it seems websites are slowly beginning to adopt the new standard, yet our beloved XP still struggles to fully support TLS1.2 due to the lack of ECC, which will hopefully be added in the near future with a monthly update.

So far, we have been relying on Advanced Chrome to get Chrome 54 (and I spoof my Chrome like so "chrome.exe" --user-agent="Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/68.0.3440.70 Safari/537.36"), but unfortunately it uses crypto.dll which doesn't support ECC (yet). So far, the solution was to simply open Firefox to visit the sites that required ECC, but now that TLS1.3 is gonna be deployed, we might be in trouble.

I tested my browser using https://www.ssllabs.com/ssltest/viewMyClient.html and it shows TLS1.2 on both Chrome and Firefox, however, I did remember that Firefox started introducing TLS1.3 as beta first and as silent update later, leaving it disabled for normal users, so I crossed my fingers and I tried to turn it on in my Firefox 52 ESR. To do so, I changed the security.tls.version.max setting from "3" to "4" in about:config, then I closed it, opened it again and I did the TLS test again without luck.

It seems that TLS1.3 has been included in later versions of Firefox, which leads me to the question: what should we do now?

Edited August 14, 2018 by FranceBB

dencorso
Posted August 14, 2018

And yet, changing security.tls.version.max to 4, closing and reopening FF 52 esr does work... I don't understand why it didn't work for you (notice that I'm spoofing the NT version as 6.1, however, if that makes any difference).

FranceBB (Author)
Posted August 14, 2018 (edited)

@dencorso... that's weird. I'm gonna try again and I'm gonna reboot my pc this time. Perhaps it didn't update the settings for whatever reason, or perhaps it was just the cache.

Anyway, I contacted Microsoft and I have very good news:

Full Chat:

Quote

Frank: A year ago, you announced support for TLS 1.1 and TLS 1.2 in Windows Embedded POSReady 2009, however it's mid-2018 now and TLS1.3 is just round the corner and it will be the next standard for quite some time. It would be really useful to add support for TLS1.3 as well and I think I'm not the only customer that would like to see it supported. Are you already working on it? If not, will you add support for TLS1.3 in the future? Will you at least consider adding it? Thank you in advance.
Mary: Thanks for contacting Microsoft support, my name is MaryRose I. Please allow me a few moments while I review the information you provided.
Mary: Hello there
Frank: Hi
Mary: I do understand that a lot of you are looking forward for that specific support, however, Microsoft is still planning this kind of support that can help you on different issues involved. But technically, we are working on that one...
Mary: However, we do not have specific dates on when but all I can say is that yes, Microsoft is working on it.
Frank: Perfect! That's great! Even just knowing that you are working on it is great news!
Mary: Please bear with us about this and thank you so much, we do appreciate it.
Mary: But right now, since it does not have yet the support, this kind of issue will fall under our pro support.
Mary: Pro support team is open Pacific time 8:30 am to 5:30 pm, Monday to Friday: CALL 18006427676 and select option for PRO SUPPORT
Mary: But about your request and other loyal customer, we are currently working on it
Frank: Perfect. Thank you. I think that's about it. I'm gonna end the chat now.
Mary: Take care.

Edited August 14, 2018 by FranceBB

Bersaglio
Posted August 14, 2018

Quote (FranceBB, 55 minutes ago): that's weird. I'm gonna try again and I'm gonna reboot my pc this time. Perhaps it didn't update the settings for whatever reason, or perhaps it was just the cache.

Try completely uninstalling Avast. Just disabling it probably doesn't help but uninstalling should do the trick. TLS 1.3 draft is perfectly working in FF 52.9.0 ESR for me too.

Dclem
Posted August 14, 2018

Just adding that I too have modified security.tls.version.max to 4 and have positive results using Firefox ESR 52.9.0

heinoganda
Posted August 14, 2018 (edited)

@FranceBB Under Windows XP, which cannot compete with modern encryption technologies, Avast can only control what Windows XP supports for HTTPS connections, meaning that every HTTPS web page is blocked where it is not verifiable. For this reason, you should deactivate the HTTPS scanning function in the Web Protection component of Avast!

Edited August 14, 2018 by heinoganda

roytam1
Posted August 14, 2018

Quote (FranceBB, 16 hours ago): @dencorso... that's weird. I'm gonna try again and I'm gonna reboot my pc this time. Perhaps it didn't update the settings for whatever reason, or perhaps it was just the cache. Anyway, I contacted Microsoft and I have very good news:

I think you should ask about the oleaut32 issue at this moment as well :)

FranceBB (Author)
Posted August 15, 2018

Quote (Bersaglio, 18 hours ago): k. TLS 1.3 draft is perfectly working in FF 52.9.0 ESR for me too

I see... I created a file with the Avast Support Tool and I'm gonna submit it to Avast to report that TLS1.3 is not working. I'm also gonna report it in the beta forum.

@roytam1... I asked the regular support about it months ago and they submitted my enquiry to the specific technical team, but I wasn't able to speak directly with them 'cause I don't have Microsoft Premium Support nor Microsoft Pro Support, so they probably read my enquiry - which was basically filled with the information collected in this forum - but they never replied.

ED_Sln
Posted August 16, 2018

Quote (FranceBB, on 8/14/2018 at 12:20 PM): It seems that TLS1.3 has been included in later versions of Firefox, which leads me to the question: what should we do now?

Use Basilisk 52/55:

FranceBB (Author)
Posted August 27, 2018

Quote (heinoganda, on 8/14/2018 at 5:10 PM): @FranceBB Under Windows XP, which cannot compete with modern encryption technologies, Avast can only control what Windows XP supports for HTTPS connections, meaning that every HTTPS web page is blocked where it is not verifiable. For this reason, you should deactivate the HTTPS scanning function in the Web Protection component of Avast!

Filip Braun from the Avast Team is now working on it.

roytam1
Posted August 28, 2018

Quote (ED_Sln, on 8/17/2018 at 1:05 AM): Use Basilisk 52/55:

Quote (MaterSystem, on 8/15/2018 at 7:21 PM): You can use New Moon 28 instead

Firefox 52 ESR, New Moon, and Basilisk all still use a draft version of TLS 1.3. The RFC version of TLS 1.3 has just landed in NSS, time to test it.
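
Added example (not part of any post in this thread): draft and RFC builds of TLS 1.3 advertise different version codes in the ClientHello supported_versions extension, with drafts encoded as 0x7f00 plus the draft number and the RFC version as 0x0304. The Python sketch below decodes that extension; `build_hello` and the sample hellos it produces are constructed for illustration, not captures from any browser named here.

```python
import struct

SUPPORTED_VERSIONS = 0x002B  # TLS extension type 43
EXT_MASTER_SECRET = 0x0017   # empty filler extension used in the sample

def label(v):
    """Name a 2-byte version code; TLS 1.3 drafts are 0x7f00 | draft number."""
    if v >> 8 == 0x7F:
        return f"TLS 1.3 draft {v & 0xFF}"
    names = {0x0301: "TLS 1.0", 0x0302: "TLS 1.1", 0x0303: "TLS 1.2",
             0x0304: "TLS 1.3 (RFC 8446)"}
    return names.get(v, f"unknown 0x{v:04x}")

def offered_versions(record):
    """Return labels for every version a ClientHello record offers."""
    if len(record) < 44 or record[0] != 0x16 or record[5] != 0x01:
        raise ValueError("not a ClientHello handshake record")
    legacy = [label(struct.unpack_from("!H", record, 9)[0])]
    pos = 5 + 4 + 2 + 32                  # record hdr, handshake hdr, version, random
    pos += 1 + record[pos]                # skip session_id
    pos += 2 + struct.unpack_from("!H", record, pos)[0]  # skip cipher_suites
    pos += 1 + record[pos]                # skip compression_methods
    if pos + 2 > len(record):
        return legacy                     # no extensions block at all
    end = pos + 2 + struct.unpack_from("!H", record, pos)[0]
    pos += 2
    while pos + 4 <= end:
        ext_type, ext_len = struct.unpack_from("!HH", record, pos)
        pos += 4
        if ext_type == SUPPORTED_VERSIONS:
            n = record[pos]               # 1-byte length of the version list
            return [label(v) for (v,) in struct.iter_unpack("!H", record[pos + 1:pos + 1 + n])]
        pos += ext_len
    return legacy                         # extension absent: legacy_version applies

def build_hello(versions):
    """Constructed sample ClientHello (not a capture) offering `versions`."""
    exts = struct.pack("!HH", EXT_MASTER_SECRET, 0)
    if versions:
        sv = bytes([2 * len(versions)]) + b"".join(struct.pack("!H", v) for v in versions)
        exts += struct.pack("!HH", SUPPORTED_VERSIONS, len(sv)) + sv
    body = (b"\x03\x03" + bytes(32) + b"\x00" + b"\x00\x02\x13\x01" + b"\x01\x00"
            + struct.pack("!H", len(exts)) + exts)
    hs = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs

if __name__ == "__main__":
    for offer in ([0x7F12, 0x0303], [0x0304, 0x7F1C, 0x7F17, 0x0303], []):
        print(offered_versions(build_hello(offer)))
```

A client and server only negotiate TLS 1.3 when they share one of these codes, so a draft-only client falls back to TLS 1.2 against a server that implements only the RFC version.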

roytam1
Posted August 28, 2018

Quote (roytam1, 2 hours ago): Firefox 52 ESR, New Moon, and Basilisk all still use a draft version of TLS 1.3. The RFC version of TLS 1.3 has just landed in NSS, time to test it.

Made some test builds:

SRainharp
Posted August 28, 2018

@FranceBB You should mention ECC and POSReady 2009

Guest
Posted August 28, 2018 (edited)

Quote (roytam1, 15 hours ago): Firefox 52 ESR, New Moon, and Basilisk all still use a draft version of TLS 1.3. The RFC version of TLS 1.3 has just landed in NSS, time to test it.

Yes. Usually Draft 18.

Also Chrome 68.x uses Draft 23 as default. To enable Draft 28, the final version, you need to make the change below:

Edited August 28, 2018 by Sampei.Nihira