Jump to content

Solving Vista's lack of TLS 1.1 or 1.2.


terryindorset

Recommended Posts

5 hours ago, jaclaz said:

But the issue here may be (see my previous post) that the above is OK for 32 bit systems but for x64 you need other modifications...

I believe you are quite correct! It looks like Haller only posted one Reg file, whereas Vista x64 would require a more complex Reg file than Vista x86. MSFN’s own greenhillmaniac has separate Reg files for x86 and x64 at his repository, but I have not used them (having used Regedit in connection with Vista x86 long ago).

However, I believe the full path to the additional x64 keys is probably more like HKLM\SOFTWARE\Wow6432Node\Microsoft\InternetExplorer\AdvancedOptions\CRYPTO\... :unsure:

Link to comment
Share on other sites


27 minutes ago, Vistapocalypse said:

I believe you are quite correct! It looks like Haller only posted one Reg file, whereas Vista x64 would require a more complex Reg file than Vista x86. MSFN’s own greenhillmaniac has separate Reg files for x86 and x64 at his repository, but I have not used them (having used Regedit in connection with Vista x86 long ago).

However, I believe the full path to the additional x64 keys is probably more like HKLM\SOFTWARE\Wow6432Node\Microsoft\InternetExplorer\AdvancedOptions\CRYPTO\... :unsure:

I don't know, I just reported what I found, generally speaking WinClient5270 posts are accurate, but of course there can always be an exception to the rule, possibly a typo

but yes, confirmed (sort of), the correct path is:
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AdvancedOptions\CRYPTO\

 

https://www.vistax64.com/threads/ie9-last-supported-browser-for-vista.305228/

jaclaz

 

P.S.: I corrected the .reg file I posted earlier AND updated the original thread:
https://msfn.org/board/topic/177994-tls-1112-and-vista-issue-no-options/

 

Edited by jaclaz
Link to comment
Share on other sites

4 hours ago, lmacri said:

...The image you posted in your VistaForums thread <here> appears to show that the last Vista security updates installed on 30-Jan-2018...were actually released back in 2011...

@terryindorset is Internet Explorer 9 installed? I would be very surprised if TLS 1.2 could be implemented with IE7, although I doubt that anyone ever tried.

Link to comment
Share on other sites

Hello jaclaz,

IS3 first:  I had FS2004 & IS (ending with the final version) in Vista from day 1 in 2008 which ran flawlessy for 10 yrs until the drive died in 2018 & was replaced & everything was reinastalled.  Flight1 had stopped recognising the codes that came with the software & did everything on line. They changed the system.  Because validation wouldn't work due to my Vista not having TLS1.2 I was deprived from using it, hence my need to TLS 1.2 to Vista.  I need TLS 1.2 for Firefox to be able contact my account to validate it & no other reason.......

I make airfields, etc & use W7 in 3 other machines with 2 versions of FS2004 - one being Golden Wings 3 which I show via a big screen at events with a fast high-end machine.  All these have IS3 & work smoothly.  My airfields, etc will only work in FS2004 & W7.  I've been using both for a long time.  Some have tried with FSX & some have even got it to work but I couldn't.  

Updates.  I stopped auto updating to install the x64 KB4056564.  I've resumed auto & it's searching. I had no idea updating was a problem & must look into that. It's set to auto & I've assumed it just updated. I use Firefox 52.9.0 which is TLS 1.2

Link to comment
Share on other sites

jaclaz - in your helpful regedit tutorial you have:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\CRYPTO\TLS1.1  a "file" ("value") named "OSVersion".    I don't have TLS1.1 just TLS1.0.

ALSO, I've read somewhere here that the TLS 1.2 I want to appear in Internet Options to facilitate my validating IS3 is only for Internet Explorer............?   I have Firefox 52.9.0.

 

grab_032.jpg

Edited by terryindorset
Link to comment
Share on other sites

3 hours ago, terryindorset said:

...I don't have TLS1.1 just TLS1.0...

grab_032.jpg

Pardon me for intruding again, but I’m increasingly convinced that you don’t have IE9. If you have a restore point that was created before embarking on this adventure, then I would suggest that you use it! If you can activate your software by visiting their website using a browser such as Firefox, then by all means do so! That would obviously be much easier than enabling TLS 1.2 systemwide.

Link to comment
Share on other sites

@terryindorset

I believe that:

1) the actual needed files/protocols/whatever are in the KB4056564 you installed.
2) Firefox simply uses them "directly"
3) Internet Explorer is prevented from using them (and thus you cannot see them  in "internet Properties") because of the two keys that you need to delete

So, from what I can understand, you have now working TLS 1.2 in Firefox and NOT working in IE.

The paths are:

32 bit:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\CRYPTO\

64 bit:

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AdvancedOptions\CRYPTO\

Check this latter path.

Then, it is entirely possible that:
a. your *whatever* flight simulator thingy site works now just fine in Firefox
or
b. it needs anyway to connect to IE9 and it settings
or
c. it won't work even once IE9 properties show TLS 1.1 and TLS 1.2 unless some other changes/tweaks/updates/whatever are implemented. 

If you prefer your question is actually 3 questions:
1) can I use Firefox on a site with TLS 1.2 <- Yes, now that you have downloaded and installed the update (The sslabs view shows TLS 1.2. )
2) can I have TLS 1.1 and TLS 1.2 in the IE9 Properties?<-Possibly yes, but only once you will have removed the two keys
3) can I have IS3 working on Vista+Firefox? <- No idea, it is well possible that you will need anyway to use IE9, or the TLS1.2 is only one of the requirements.

And you are at this moment at #1.

@Vistapocalypse

Allow me to doubt that a restore point exists (or - even if it exist - it can be found):

20 hours ago, terryindorset said:

... the drive died in 2018 & was replaced & everything was reinastalled. 

jaclaz

See edited post below.
 

Edited by jaclaz
removed assumption, later rephrased
Link to comment
Share on other sites

7 hours ago, Vistapocalypse said:

Pardon me for intruding again, but I’m increasingly convinced that you don’t have IE9. If you have a restore point that was created before embarking on this adventure, then I would suggest that you use it! If you can activate your software by visiting their website using a browser such as Firefox, then by all means do so! That would obviously be much easier than enabling TLS 1.2 systemwide.

If you had read my first post you would have seen 'I don't use IE but Firefox but I do want to enable TLS 1.1/1.2 & I will be very grateful if you can tell me how to do it.' Let me repeat I DON'T USE IE BUT FIREFOX'.

What do you mean by this 'If you can activate your software by visiting their website using a browser such as Firefox,' ?     If you had kept up you will see that I cannot VALIDATE the software becaue my Vista has TLS1.0....see screenshot.  Firefox is TLS1.2 enabled but my Vista isn't.  What do you mean by activating ?  I don't want to activate anything.

D'you know, I came here because I was told this site would help me add TLS1.2 to my Vista, but with snide people like you jabbing away I'm beginning to think I shouldn't have bothered.

 

grab_036.jpg

Link to comment
Share on other sites

 

 

29 minutes ago, jaclaz said:

@terryindorset

I believe that:

1) the actual needed files/protocols/whatever are in the KB4056564 you installed.
2) Firefox simply uses them "directly"
3) Internet Explorer is prevented from using them (and thus you cannot see them  in "internet Properties") because of the two keys that you need to delete

So, from what I can understand, you have now working TLS 1.2 in Firefox and NOT working in IE.

The paths are:

32 bit:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\CRYPTO\

64 bit:

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AdvancedOptions\CRYPTO\

Check this latter path.

Then, it is entirely possible that:
a. your *whatever* flight simulator thingy site works now just fine in Firefox
or
b. it needs anyway to connect to IE9 and it settings
or
c. it won't work even once IE9 properties show TLS 1.1 and TLS 1.2 unless some other changes/tweaks/updates/whatever are implemented. 

If you prefer your question is actually 3 questions:
1) can I use Firefox on a site with TLS 1.2 <- Yes, now that you have downloaded and installed the update (The sslabs view shows TLS 1.2. )
2) can I have TLS 1.1 and TLS 1.2 in the IE9 Properties?<-Possibly yes, but only once you will have removed the two keys
3) can I have IS3 working on Vista+Firefox? <- No idea, it is well possible that you will need anyway to use IE9, or the TLS1.2 is only one of the requirements.

And you are at this moment at #1.

@Vistapocalypse

Allow me to doubt that a restore point exists (or - even if it exist - it can be found):

jaclaz
 

jaclaz,  THANK YOU.  I was getting agitated with that Vistaopocalypse & thinking 'stuff this I'll install W7' & you post your insitghful observations that saves the day.  I have to take a neighbour to Bournemouth Hospital & will have a go at your suggestions when I get back this evening.........a long day I think !  Using IE is something I've not done for years !

I've had a quick look & cannot see any Wow6432Node at HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\
Must go I'm late !!!

Edited by terryindorset
Link to comment
Share on other sites

2 hours ago, terryindorset said:

jaclaz,  THANK YOU.  I was getting agitated with that Vistaopocalypse & thinking 'stuff this I'll install W7' & you post your insitghful observations that saves the day.  I have to take a neighbour to Bournemouth Hospital & will have a go at your suggestions when I get back this evening.........a long day I think !  Using IE is something I've not done for years !

 

You are welcome, BUT:

2 hours ago, terryindorset said:

If you had read my first post you would have seen 'I don't use IE but Firefox but I do want to enable TLS 1.1/1.2 & I will be very grateful if you can tell me how to do it.' Let me repeat I DON'T USE IE BUT FIREFOX'.

What do you mean by this 'If you can activate your software by visiting their website using a browser such as Firefox,' ?     If you had kept up you will see that I cannot VALIDATE the software becaue my Vista has TLS1.0....see screenshot.  Firefox is TLS1.2 enabled but my Vista isn't.  What do you mean by activating ?  I don't want to activate anything.

D'you know, I came here because I was told this site would help me add TLS1.2 to my Vista, but with snide people like you jabbing away I'm beginning to think I shouldn't have bothered.

come on, take it easy man :), Vistapocalypse is only trying to help you, since the matter is far from being simple/linear it is perfectly normal that willing helping members post doubts, request for confirmations, theories, ideas (crazy or not so crazy), it is the normal process of brainstorming to solve a problem, particularly when the problem  is "officially" not resolvable (by MS or by the guys that provide the IS3 of by your local computer support people).

jaclaz

P.S.: It is rarely the case (but you never know) check that you are using the "right" version of Regedit (i.e. if you are using one, try the other one), among the most confusing explanations on earth (brought to you by the good guys that put in WOW64 32 bit programs and that call "system" the volume that boots and "boot" the volume that contains the operating system):
https://support.microsoft.com/en-us/help/305097/how-to-view-the-system-registry-by-using-64-bit-versions-of-windows

Edited by jaclaz
Link to comment
Share on other sites

4 hours ago, jaclaz said:

I believe that:

1) the actual needed files/protocols/whatever are in the KB4056564 you installed.
2) Firefox simply uses them "directly"
3) Internet Explorer is prevented from using them (and thus you cannot see them  in "internet Properties") because of the two keys that you need to delete

So, from what I can understand, you have now working TLS 1.2 in Firefox and NOT working in IE....

...If you prefer your question is actually 3 questions:

1) can I use Firefox on a site with TLS 1.2 <- Yes, now that you have downloaded and installed the update (The sslabs view shows TLS 1.2. )
 

Hi jaclaz:

Your assumptions about TLS 1.2 and Firefox ESR v52.9.0 (rel. 26-Jun-2018) are not what I observe on my own Vista SP2 machine.

My Vista SP2 is patched to end of extended support on 11-Apr-2017 [i.e., I have not installed any Windows Server 2008 updates released after April 2017 like the KB4054565 (CredSSP remote code execution vulnerability in Windows Server 2008, Windows Embedded POSReady 2009, and Windows Embedded Standard 2009: March 13, 2018) recommended in John Haller's instructions <here>] and the image I posted <above> on 23-Jul-2020 shows my Firefox ESR browser supports TLS 1.2.  As noted in that post, TLS 1.2 support has been enabled in Firefox since FF 27 was released in 2014 (i.e, security.tls.version.max was automatically set to a value of 3) as stated in the FF 27 release notes <here> and and far as I know, Vista SP2 users who use Firefox ESR v52.9.0 as their default browser should not have to make any changes in their advanced browser settings at about:config or install any OS patches released after end of support on 11-Apr-2017 to connect to secure https web sites that require the TLS 1.2 protocol.

I believe John Haller's instructions allow Vista SP2 users to enable TLS 1.1 and TLS 1.2 support in their Internet Explorer 9.
----------
32-bit Vista Home Premium SP2 * Firefox ESR v52.9.0 * Malwarebytes Premium v3.5.1-1.0.365
HP Pavilion dv6835ca, Intel Core2Duo T5550 @ 1.83 GHz, 3 GB RAM, NVIDIA GeForce 8400M GS

Edited by lmacri
Link to comment
Share on other sites

1 hour ago, lmacri said:

TLS 1.2 support was automatically enabled in Firefox

When it comes to Firefox, you are absolutely correct: ESR 52 would probably work just fine on Vista REM, certainly on SP1, and supported XP. Why would it have any need for a Windows update that was released after Vista’s EOL?

I believe you are also correct that the OP has unresolved Windows Update issues, and I wish you luck with that.

With the possible exception of @burd, I also believe I am thus far the only poster in this thread who has actually enabled TLS 1.2 on a Vista system, and I do not believe I will be posting here again.

Link to comment
Share on other sites

9 minutes ago, Vistapocalypse said:

When it comes to Firefox, you are absolutely correct: ESR 52 would probably work just fine on Vista REM, certainly on SP1, and supported XP. Why would it have any need for a Windows update that was released after Vista’s EOL?

I believe you are also correct that the OP has unresolved Windows Update issues, and I wish you luck with that.

With the possible exception of @burd, I also believe I am thus far the only poster in this thread who has actually enabled TLS 1.2 on a Vista system, and I do not believe I will be posting here again.

Yup , its enabled for me , but the options to toggle them only appear in the 64bit IE9 for me , but im sure the setting still applies to the 32bit IE9(though i havent been bothered enough to test).

Edited by burd
Link to comment
Share on other sites

2 hours ago, lmacri said:

I believe John Haller's instructions allow Vista SP2 users to enable TLS 1.1 and TLS 1.2 support in their Internet Explorer 9.

True - but if a program needs Vista’s help to connect, I believe Vista is going to use Internet Explorer’s engine regardless of the user’s browser preferences. If I am mistaken, then this thread has no real reason to exist.

Link to comment
Share on other sites

4 hours ago, lmacri said:

Hi jaclaz:

Your assumptions about TLS 1.2 and Firefox ESR v52.9.0 (rel. 26-Jun-2018) are not what I observe on my own Vista SP2 machine.

 

Fine. :)

Let me rephrase.

From new info supplied by lmacri:

@terryindorset

I now believe that:

1) the actual needed files/protocols/whatever for having TLS 1.2 in Internet Explorer AND in the connected rendering engine/whatever are in the KB4056564 you installed.
2) Firefox simply uses them its own TLS 1.2 files "directly"
3) Internet Explorer is prevented from using them (and thus you cannot see them  in "internet Properties") because of the two keys that you need to delete

So, from what I can understand, you have now working TLS 1.2 in Firefox and NOT working in IE.

Then, it is entirely possible that:
a. your *whatever* flight simulator thingy site works now just fine in Firefox
or
b. it needs anyway to connect to IE9 and it settings
or
c. it won't work even once IE9 properties show TLS 1.1 and TLS 1.2 unless some other changes/tweaks/updates/whatever are implemented. 

If you prefer your question is actually 3 questions:
1) can I use Firefox on a site with TLS 1.2 <- Yes, now that you have downloaded and installed the update (The sslabs view shows TLS 1.2. )
2) can I have TLS 1.1 and TLS 1.2 in the IE9 Properties?<-Possibly yes, now that you have downloaded and installed the update, but only once you will have removed the two keys
3) can I have IS3 working on Vista+Firefox? <- No idea, it is well possible that you will need anyway to use IE9, or the TLS1.2 is only one of the requirements.

And you are at this moment at #1.

The central point doesn't however change much, i.e. It is still possible any of: 
1) installing the update was not necessary and everything works in Firefox "as is"
2) that Internet Explorer 9 (AND the update AND the two Registry keys deleted) are actually needed
3) the two above might not be enough and something else is needed to actually do the IS3 *whatever* you need to do

jaclaz

 

 

 

 

 

 

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...