Jump to content
Strawberry Orange Banana Lime Leaf Slate Sky Blueberry Grape Watermelon Chocolate Marble
Strawberry Orange Banana Lime Leaf Slate Sky Blueberry Grape Watermelon Chocolate Marble

MSFN is made available via donations, subscriptions and advertising revenue. The use of ad-blocking software hurts the site. Please disable ad-blocking software or set an exception for MSFN. Alternatively, register and become a site sponsor/subscriber and ads will be disabled automatically. 


terryindorset

Solving Vista's lack of TLS 1.1 or 1.2.

Recommended Posts

Posted (edited)

I must explain how I got here!  I've been using Vista & MS Flight Simulator 2004 for 13 yrs.  I developed an interest in making my own airports & used a bit of software, Instant Scenery by Flight1. It's a vital tool when making airports.  

About 3 yrs ago the hard drive failed & another was installed by a local firm. Because I like Vista, being so smooth & reliable, I reinstalled all the software. I had problems with Instant Scenery (IS3).  Since I bought it Flight1 changed the way they dealt with reinstallations & I found out I couldn't contact their website because Vista didn't have TLS 1.1 or 1.2.

I was told about your Topic 'Enabling TLS 1.1/1.2 support in Vista's Internet Explorer 9' by the amazing VistaLover. 

I don't use IE but Firefox but I do want to enable TLS 1.1/1.2 & I will be very grateful if you can tell me how to do it.  I have questions !

1=I read, '1. Install then KB4019276'.......How do I get it into Vista? 
2=Are there others needed ?
3=I presume I must use the Registry Editor & do the edits for IE even though I don't use it ?  

I tend to go slightly swivel-eyed reading all this technical stuff, so I apologise now.  I am desperate to add TLS1.2 to Vista & thank you now for any help offered.

Edited by terryindorset

Share this post


Link to post
Share on other sites

Posted (edited)

Try following this, it is essentially the same set of instructions:

https://johnhaller.com/useful-stuff/enable-tls-1.1-and-1.2-on-windows-vista

re-assembled in a way that should be easier to follow/replicate, with a simple pre-made .reg to be merged in the Registry and with an additional link to last Firefox version working on Vista (just in case).

Then try following this:
https://help.hotschedules.com/hc/en-us/articles/360020184072-Enabling-TLS-1-2-on-web-browsers#Firefox

jaclaz

Edited by jaclaz
  • Like 1

Share this post


Link to post
Share on other sites
Posted (edited)
2 hours ago, terryindorset said:

....I don't use IE but Firefox but I do want to enable TLS 1.1/1.2 & I will be very grateful if you can tell me how to do it..I am desperate to add TLS1.2 to Vista...

Hi terryindorset:

The SSL / TLS protocols your browser supports is specific to the browser you use and is not determined by the operating system. If you follow VistaLover's instructions you will add TLS 1.1 and TLS 1.2 support to your IE9 browser but it would not affect the protocols your Firefox browser supports.

I believe Firefox has supported TLS 1.2 by default since Feb 2014 when Firefox 27 was released.  If you use Firefox ESR v52.9.0 (the legacy version for Win XP/Vista available at https://archive.mozilla.org/pub/firefox/releases/52.9.0esr/win32/) then you should see something similar to the image below when you browse to the Qualys SSL Labs test page at https://www.ssllabs.com/ssltest/viewMyClient.html with your Firefox browser.

1397106829_FirefoxESRv52_3_0QualysTLS1_2Supported21Aug2017.thumb.png.678af4cc5602e412ea80bf0042256aad.png

I added TLS 1.3 support to my Firefox ESR v52.9.0 browser by changing security.tls.version.max to a value of 4 in the advanced browser settings.  See Martin Brinkmann's June 2017 ghacks.net article How to Enable TLS 1.3 Support in Firefox and Chrome for instructions.
----------
32-bit Vista Home Premium SP2 * Firefox ESR v52.9.0 * Malwarebytes Premium v3.5.1-1.0.365
HP Pavilion dv6835ca, Intel Core2Duo T5550 @ 1.83 GHz, 3 GB RAM, NVIDIA GeForce 8400M GS

 

Edited by lmacri

Share this post


Link to post
Share on other sites
Posted (edited)

Hi terryindorset:

Further to my previous post, are you the user TerryWallace who created the VistaForums thread Enable TLS 1.2 today?  If so, the additional information you posted there about your OS reinstall and hanging updates sounds like you're affected by the problem described in the FAQ How to Fix Vista SP2 "Checking for Updates..." Hangs and Slow Windows Updates that's pinned at the top of the Windows Update board of that forum.  That FAQ includes a link to instructions on page 1 of m#l's thread Updates not working, it has been searching for updates for hours in the MS Answers Vista board that should get your OS patched to the end of extended support (11-Apr-2017).
----------
32-bit Vista Home Premium SP2 * Firefox ESR v52.9.0 * Malwarebytes Premium v3.5.1-1.0.365
HP Pavilion dv6835ca, Intel Core2Duo T5550 @ 1.83 GHz, 3 GB RAM, NVIDIA GeForce 8400M GS

Edited by lmacri

Share this post


Link to post
Share on other sites
Posted (edited)

You could also try to install the older update, KB4019276

https://msfn.org/board/topic/177994-tls-1112-and-vista-issue-no-options/

The thread contains also a note about possibly needing (of course if either update is installed) to modify also the contents of Wow6432Node\CRYPTO on x64 machines.

Also:

https://answers.microsoft.com/en-us/windows/forum/windows_vista-update/updates-not-working-it-has-been-searching-for/92cd6922-17f6-4730-b46b-91a480b95dd3?page=1&messageId=1ef00080-91e9-4ffa-a5a3-92f6ecd69c32

Quote

 

Note 4:  The standalone update packages (.msu files) will get stuck at "Checking for updates..." if there is a Windows Update session already running in the background on your computer.  Most users find that disabling automatic Windows Updates and re-booting is sufficient (STEP # 1), but if your .msu installer still gets stuck you can temporarily disconnect from the internet or stop your Windows Update service (wuauserv) at Control Panel | System and Maintenance | Administrative Tools | Services while running these installers.  Unlike Windows Update, these standalone update packages (.msu files) are associated with the Windows Update Standalone Installer(C:\Windows\System32\wusa.exe) and can be installed on computers without an internet connection.

jaclaz

 

Edited by jaclaz
  • Like 1

Share this post


Link to post
Share on other sites
Posted (edited)
21 hours ago, lmacri said:

... the additional information you posted there about your OS reinstall and hanging updates sounds like you're affected by the problem described in the FAQ How to Fix Vista SP2 "Checking for Updates..." Hangs and Slow Windows Updates that's pinned at the top of the Windows Update board of that forum ....

Hi terryindorset:

Follow these steps to confirm your Vista SP2 OS is fully patched to end of extended support (11-Apr-2017):

  1. Go to Control Panel | System Information | System and confirm you have Service Pack 2 installed as shown below (as noted in FAQ How to Fix Vista SP2 "Checking for Updates..." Hangs and Slow Windows Updates, users performing a clean reinstall of the OS will not see the Windows Update hangs until after Service Pack 2 is applied).
  2. Run a manual Windows Update (Control Panel | System and Maintenance | Windows Update | Check for Updates).   If you are patched to end of support (11-Apr-2017) Windows Update should run to completion in less than 5 or 10 minutes and report no updates are available.
  3. Launch your IE9 browser and go to Help | About Internet Explorer.  If you are patched to end of support (11-Apr-2017)  you should see that IE9 has Update Versions 9.0.60 / KB4014661 (Cumulative Security Update for Internet Explorer 9: April 11, 2017) as shown below.

As jaclaz noted, if you are not patched to end of support and your background Windows Updates are hanging on "Checking for updates..." then standalone .msu installers will also get stuck and fail to run to completion until you fix your Windows Update problem.

1197446367_VistaSystemInformationServicePack.png.433e3b42e59d7af81854e6a0d878d56b.png

1919296588_IE9VersionKB4014661April2017.png.a125dfc12a3b79cf58e8f3cd31f05a78.png

----------
32-bit Vista Home Premium SP2 * Firefox ESR v52.9.0 * Malwarebytes Premium v3.5.1-1.0.365
HP Pavilion dv6835ca, Intel Core2Duo T5550 @ 1.83 GHz, 3 GB RAM, NVIDIA GeForce 8400M GS

Edited by lmacri

Share this post


Link to post
Share on other sites
2 hours ago, lmacri said:

... until you fix your Windows Update problem.

... or you stop the background service or disconnect from the internet (but of course is much better to verify that the OS is patched to last updates :))

jaclaz 

Share this post


Link to post
Share on other sites
On 7/23/2020 at 5:00 AM, terryindorset said:

...I had problems with Instant Scenery (IS3).  Since I bought it Flight1 changed the way they dealt with reinstallations & I found out I couldn't contact their website because Vista didn't have TLS 1.1 or 1.2.

[snipped]
3=I presume I must use the Registry Editor & do the edits for IE even though I don't use it ?  

I didn’t reply because I didn’t know the answer (having long ago made the registry changes), but I’m curious if you have found the answer yourself by now, assuming your software is now able to communicate with the vendor.

As VistaLover once pointed out here, Windows Mail can also benefit from TLS 1.2 support. Much to my surprise, Microsoft is still making monthly security updates for IE9, although sha2 support (another Server 2008 topic) has been required for about a year now.

Share this post


Link to post
Share on other sites
Posted (edited)

jaclaz, Imacri, Vistapocalypse:


My apologies for this tardy reply.
 
I got to this in John Haller's blog; Download this .reg key: vista-tls-1.1-1.2-update.reg but am mystified how to download it.

I use Firefox 52.9.0 ESR.

I set the integer value to 3 to force protocol of TLS 1.2 to be the default.
The sslabs view shows TLS 1.2.  I'll check ghacks later today.......

Yes I am that TerryWallis with a post on VistaForums - I wanted a quick reply to my TLS quest. They were not helpful.

I sorted out the hanging updater (what a rigmarole but it worked) and have installed KB4056564.

My Vista has Service Pack 2.

Looking at the installed updates list I see the last was 30/01/2018.
I've not made any registry changes & am happy to do so if I know what to put !

The problem remains, until I can see TLS in Internet Options I can't contact the IS3 vendor to validate reinstallation........

You know, I've had Vista x64 HP since it appeared & put FS2004 in it.  I find it's smooth & reliable  cp. with W7, but the computer support people I use here throw their hands up in horror at the V word. It went to 10 unblemished yrs until the drive failed & was reinstalled at my insistance.

Thanks for your replies & I hope this is OK?

Terry.

grab_095.jpg

Edited by terryindorset
addtional item & screenshot

Share this post


Link to post
Share on other sites
Posted (edited)

Normally you right click on the link and choose "Save as", anyway you can copy and paste the following and save it with Notepad as "vista-tls-1.1-1.2-update.reg"

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\CRYPTO\TLS1.1]
"OSVersion"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\CRYPTO\TLS1.2]
"OSVersion"=-

it is a simple .reg file that - once merged to the Registry - deletes the two OsVersion values.

But the issue here may be (see my previous post) that the above is OK for 32 bit systems but for x64 you need other modifications, i,e. this .reg:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AdvancedOptions\CRYPTO\TLS1.1]
"OSVersion"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AdvancedOptions\CRYPTO\TLS1.2]
"OSVersion"=-

But since they are just a few changes, only involving deleting a value you can do the above manually with Regedit.

jaclaz

Edited by jaclaz
Corrected .reg file for x64, it had a wrong path
  • Upvote 1

Share this post


Link to post
Share on other sites
Posted (edited)

Hi.  You're much more switched on about this tham I am !   I've not got a clue how to do it.  I read a peice yesterday about using regedit & it meant clicking from this to that & on to that.  Not having done this before I'll have to read it 3 times before doing anything.  BUT, have you got time to write a how-to for me ?  I got the impression I'll have to add folders for TLS 1.1 & 1.2..........

I've copied your above mod.................and this screenshot is what my Internet Options has,

Terry.

grab_027.jpg

Edited by terryindorset

Share this post


Link to post
Share on other sites
6 minutes ago, terryindorset said:

Hi.  You're much more switched on about this tham I am !   I've not got a clue how to do it.  I read a peice yesterday about using regedit & it meant clicking from this to that & on to that.  Not having done this before I'll have to read it 3 times before doing anything.  BUT, have you got time to write a how-to for me ?  I got the impression I'll have to add folders for TLS 1.1 & 1.2..........

I've copied your above mod.................and this screenshot is what my Internet Options has,

Terry.

grab_027.jpg

try the 64bit internet explorer , while the 32bit one doesnt display the tls 1.2 options it will still apply , atleast in my case

Share this post


Link to post
Share on other sites

Well, Regedit is a rather simple tool.

You open it,  you can "run" regedit.exe from the start menu.

https://www.digitalcitizen.life/run-window-windows-7-why-use-it-anymore

You will see a two pane window.

On the left you will see "hives" (imagine for the moment that they are folders in Explorer)

You double click (in the left pane) on HKEY_LOCAL_MACHINE and the "folder" will open showing "sub-folders" (actually "keys") .

You navigate down the tree, since you want to get to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\CRYPTO\TLS1.1, you need to click on:

Software
Microsoft
Internet Explorer
AdvancedOptions
CRYPTO
TLS1.1

when you are there, on the right you will find a number of "files" (actually "values"), imagine that they are all .txt files, and that - like it would happen for a .txt file in Eplorer - if you double click on one it will open in Notepad to be edited.

But you don't want to edit it, you should find in the right pane, under the "path":

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\CRYPTO\TLS1.1

a "file" ("value") named "OSVersion".

You can right click on it and in the pop-up menu choose "Delete".

That's it, it is not in any way different from deleting a file in Explorer.

Watch this (it is an XP but Vista - besides the looks - is not in any way different):

jaclaz

 

 

Share this post


Link to post
Share on other sites
Posted (edited)

jaclaz........thank you !

I've not used it before but I have to go out now & will carry on when I get back

Cheers.

Terry.

Edited by terryindorset

Share this post


Link to post
Share on other sites
Posted (edited)
5 hours ago, terryindorset said:

...I sorted out the hanging updater (what a rigmarole but it worked) and have installed KB4056564.

My Vista has Service Pack 2. Looking at the installed updates list I see the last was 30/01/2018...

Hi terrryindorset:

Further to my 23-Jul-2020 post <above>, what happens when you run a manual Windows Update (Step # 2) and is your IE9 browser Update Versions 9.0.60 / KB4014661 (Step # 3)?  The image you posted in your VistaForums thread <here> appears to show that the last Vista security updates installed on 30-Jan-2018 have KB numbers like KB2535512 and KB2544893 which were actually released back in 2011, and indicates Windows Update isn't working correctly and still needs to be fixed so it can install your final six years of security updates to patch you back to end of support on 11-Apr-2017.  I'd still suggest you follow the instructions on page 1 of m#l's thread Updates not working, it has been searching for updates for hours in the MS Answers forum and just confirm you have all the required "speed up" patches [e.g., KB3205638 (rel. 13-Dec-2016); KB4012583 (rel. 14-Mar-2017); KB4015380 (rel. 11-Apr-2017), etc.] and that you're fully patched to end of support before you add TLS 1.2 support to your IE9 browser.

I also checked the system requirements <here> for Flight1's Instant Scenery 3 (IS3) for your MS Flight Simulator 2004 and it says "Windows 10 (may not install on other operating systems)".  Did the tech support people at Flight1 specifically say that IS3 would run correctly on a Vista SP2 OS as long as you had an Internet Explorer browser that supports TLS 1.2, or would a Firefox ESR v52.9.0 browser with built-in TLS 1.2 support still meet their system requirements?  Perhaps a downgrade to Instant Scenery 2 (IS2), which is compatible with  XP/Vista/WIn 7, would solve your problem.
----------
32-bit Vista Home Premium SP2 * Firefox ESR v52.9.0 * Malwarebytes Premium v3.5.1-1.0.365
HP Pavilion dv6835ca, Intel Core2Duo T5550 @ 1.83 GHz, 3 GB RAM, NVIDIA GeForce 8400M GS

Edited by lmacri

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...