MS .NET Framework and TLS1.2


Thomas S.

I have a specific problem with a software that depends on .NET Framework.

AlfBanco (online banking) cannot connect to the AlfBanco server. According to the manufacturer, it is a problem with the following background.

It is likely that it cannot establish a connection to the remote server because it cannot establish such a connection in XP (2.0/3.0/3.5/4.0).

TLS1.0 is the highest variant in .NET Framework, regardless of the capabilities of XP, which can do TLS1.2 after updating the system.

MS Hotfixes for .NET Framework can only deal with this problem from Vista on. See here:

https://support.microsoft.com/en-us/help/3154517/support-for-tls-system-default-versions-included-in-the-net-framework

https://support.microsoft.com/en-us/help/3154518/support-for-tls-system-default-versions-included-in-the-net-framework

Has anyone ever made any attempts to do this?
Is it possible to port the hotfix for Vista 32bit on XP?

I have no idea...

Link to comment
Share on other sites


https://translate.google.com/translate?hl=en&sl=ja&u=http://blog.livedoor.jp/blackwingcat/archives/1977229.html&prev=search

So if I am reading this right and you have the right patch, you should be able to modify the registry keys so it says default value in the MS KB article. KB4344180 -- Security Only Update for .NET Framework 2.0 on WES09 and POSReady 2009

Quote

December 17, 2018

Is not KB 3154517 applied to Windows XP / 2000?

How to enable TLS 1.1 and 1.2 in the .NET Framework - Summary - - Japan IE Support Team Blog
Support for TLS System Default Versions included in .NET Framework 2.0 SP2 on Windows Vista SP2 and Server 2008 SP2

According to him, applying KB 3154517 to Vista seems to be able to use System default TLS with .NET Framework 2.0 SP 2.

The update included in KB 3154517

system.dll 2.0.50727.8690

On the other hand, the quality rollup of XP last .Net Framework 2.0 SP2 is KB 4014585,
Followed by KB 4344180, which is an update only for security updates.

By the way, 2017-10 Security and Quality Rollup for .NET Framework 2.0 SP2 on WES 09 and POSReady 2009 (KB 4040968) is also a quality update, but only System.Runtime.Remoting.dll is included.

KB 4344180

mscordacwks.dll
mscorlib.dll
mscorwks.dll
SOS.dll
System.dll 2.0.50727.8797
It has the processing of SystemDefaultTlsVersions inside properly.
So it should be applicable if applied.

 

Edited by Destro
Link to comment
Share on other sites

Try the following registry entries:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Client]
"DisabledByDefault"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Server]
"DisabledByDefault"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client]
"DisabledByDefault"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server]
"DisabledByDefault"=dword:00000000

 

Link to comment
Share on other sites

The two suggestions don't work.

There are two dependencies, I think.

First, the OS must be able to support HTTPS TLS on a higher level. This is done with the update for IE which supports TLS 1.1 / 1.2.

Second, the .NET Framework as well. So it makes sense that there are special updates from MS for the .NET Framework.

Maybe there are some new API features for the higher TLS versions in the .NET Framework.

Without these new DLLs the .NET application runs into an error.

 

Link to comment
Share on other sites
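Editor's added example (not written by any poster in this thread): a small Python audit of an exported .reg file that checks both layers discussed so far, the SCHANNEL client key for TLS 1.2 and the `SystemDefaultTlsVersions` value that the linked KB 3154517 article describes for .NET Framework 2.0 SP2. The sample export is constructed, and the .NET key path `HKLM\SOFTWARE\Microsoft\.NETFramework\v2.0.50727` is taken from that KB article rather than from the thread.

```python
import re

SCHANNEL = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols"
# Assumption: key path as documented in KB 3154517 for .NET Framework 2.0 SP2.
DOTNET = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v2.0.50727"

def parse_reg(text):
    """Parse decoded .reg export text into {key: {value_name: int}} (DWORDs only)."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1].lower(), {})
        elif current is not None:
            m = re.match(r'"([^"]+)"=dword:([0-9a-fA-F]{8})$', line)
            if m:
                current[m.group(1).lower()] = int(m.group(2), 16)
    return keys

def audit(text, proto="TLS 1.2"):
    """Return a list of findings; an empty list means both layers are configured."""
    keys = parse_reg(text)
    client = keys.get((SCHANNEL + "\\" + proto + "\\Client").lower(), {})
    dotnet = keys.get(DOTNET.lower(), {})
    findings = []
    if client.get("disabledbydefault") != 0:
        findings.append(proto + " client: DisabledByDefault is not 0")
    # A missing Enabled value is treated as "not explicitly disabled".
    if client.get("enabled", 1) == 0:
        findings.append(proto + " client: Enabled is 0")
    if dotnet.get("systemdefaulttlsversions") != 1:
        findings.append(".NET 2.0/3.5: SystemDefaultTlsVersions is not 1")
    return findings

# Constructed sample: only the SCHANNEL part suggested earlier in the thread.
SAMPLE = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client]
"DisabledByDefault"=dword:00000000
"""

# Constructed sample: the .NET value added on top.
SAMPLE_DOTNET = SAMPLE + r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v2.0.50727]
"SystemDefaultTlsVersions"=dword:00000001
"""

if __name__ == "__main__":
    for name, text in (("schannel only", SAMPLE), ("schannel + .NET", SAMPLE_DOTNET)):
        print(name, "->", audit(text) or "no findings")
```

The audit only reports configuration. Whether the values take effect still depends on the installed System.dll and the OS-level TLS update, which is the open question in this thread.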

According to the info I posted, the system.dll for XP is newer than the one on Vista and supports it. So idk... you have to enable TLS 1.2 by default in IE, and you have to apply the patch I posted for .NET and modify the registry as documented by Microsoft in the KB article. If it still doesn't work, then it either won't work or it's just you.

Edited by Destro
Link to comment
Share on other sites

It is not so easy, I think.

In the meantime, Outlook 2010 (Win XP 32bit) can connect directly to the email provider via TLS1.2.

It now works without sTunnel (this was an older solution under XP to support POP / SMTP / IMAP via TLS1.2).

Also, IE can connect directly via TLS1.2 without a proxy (but ciphers and certificate management are restricted).

The question is if the newer .NET DLLs in XP support the call of higher TLS versions.

Are they the same in XP as in Vista? Or do the XP versions have lower support?

And it seems that the SW uses at minimum .NET 4.0.x (not 2.0).
Under my actual updated Windows 7 (64bit) it works OK. But there is .NET 4.7.x present.

Link to comment
Share on other sites

Should be .NET 3.5. I am guessing you have all the .NETs up to 4.0 installed. Ya, some or a lot of .NET files should be the same, not all of them, since it's like cross-platform or platform-independent.

Edited by Destro
Link to comment
Share on other sites
