Solving Vista's lack of TLS 1.1 or 1.2.

[terryindorset]

Thank you.
You've made the decision for me to install W7 which I've now done.  I learned to fly with Vista so am sad to see it go.

[jaclaz]

54 minutes ago, terryindorset said:

Thank you.
You've made the decision for me to install W7 which I've now done.  I learned to fly with Vista so am sad to see it go.

No , I did NOT make that decision, you made it and I totally and utterly disagree with it.

That equates to giving up  (which is not an option).

Anyway, whatever floats your boat is fine .

jaclaz

[terryindorset]

An aside: I retired 23 yrs ago & am busier now in this CV19 catastrophe with 5 or 6 neighbours than when I worked .
It's very rare I can grab 2 hrs for myself. This Vista problem is something I could do without, hence W7 waits in the wings.

I didn't mean you personally.  I can install W7 when it gets here becaue it's simpler than this invovled rigmarole but I like Vista.

You all talk in code & understand it but I don't.  I've not been faced with any if this before.  I mean John Haller says 'download' but it took me ages to relise he mant copy & paste......I think.

I've got IE9 64 bit but where does that get me?   

However I did use the tip you sent anout the 64bit registry editor.
I checked this out HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AdvancedOptions\CRYPTO\     but there is no Wow6432Node. see screenshot.

You have said 'Then, it is entirely possible that:
a. your *whatever* flight simulator thingy site works now just fine in Firefox'

This FS thingy in is Flight Simulator & has no connection with Firefox. nor to IE9.
The only reason I need TLS1.2 is to connect with my Flight1 account to validate my purchase years ago for the software IS3 to go into my pre-crash Flight Sim in Vista.  My Vista cannot now connect to my Flight1 account because it needs TLS1.2 that it does not have.

IS3 is not dependent on TLS1.2 to work in FS2004 but my ability to contact my Flight1 account from Vista is.

I suggest we forget all about the IS3 software.  I need TLS1.2 in Vista just to contact my Flight1 account to validate my purchase.

Apologies for repeating myself. Now, I appreciate your help & advice & if Vista can have TLS1.2 in Internet Options  that will be wonderful.

I've just found this vista tls update.reg sent on Saturday by John Haller.  He says 'It's a text file, you have to right click and Save As. I've attached it in a zip for you.'  Shall I run it now ?

 

[jaclaz]

Maybe we need to re-start from the beginning?

Forget for one moment IE9 and TLS 1.2 support in Internet Properties.

Fire up Firefox on that machine.

Open with it this URL:

https://clienttest.ssllabs.com:8443/ssltest/viewMyClient.html

scroll down until you see "Protocol Features/Protocols".

Do you find:

TLS 1.2 Yes

(in green)?

If yes, your current Firefox is using TLS 1.2 allright, then you can try connecting with it to your Flight1 account to validate your purchase.

Post errors (if any) you get when you try to connect to that Flight1 account.

jaclaz

P.S.: as a side note, do check your Vista install "bitness":
https://hk.canon/en/support/8100077700

Normally a 64-bit install needs to have the  HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node in oreder to support 32 bit applications, there are very rare cases of "lited" install with the 32 bit subsystem remoevd, but I doubt it is your case.

 

Edited July 27, 2020 by jaclaz

[terryindorset]

Good morning....Yes TLS1.2 & System Type is 64-bit OS

 

The screenshot shows the error & Flight1 tell me this is becaue my Vista isn't TLS1.2 enabled.  It's got nothing to do with a firewall.  HOWEVER, when I use a Windows 7 machine I go straight to my account & can validate it for use in the W7 machine. 

Terry.

I should add that this problem has arisen because Flight1 stopped using File Keys Reinstallaions a few years ago in favour of using the account method.  I am only aware of this with trying to validate the IS3 reinstallation into the reinstalled Vista for use in the Flight Sim.

 

 

 

Edited July 28, 2020 by terryindorset

[jaclaz]

Yep, which means - as expected - that the issue is not TLS 1.2 in itself (as a protocol for browsing) but rather that the *whatever* system IS3 uses makes use of *something* (possibly actually the IE9 "engine" or "subsytem") and that this latter might need to be TLS 1.2 enabled (and possibly something else),

So, back to work.

Did you finally manage to install the KB4056564 successfully?

AFAIK if your system is 64-bit, then you must have the WOW6432Node, unless the OS has been heavily modified, (and even if you hadn't it before, the update should have added it).

Since - reportedly - the update creates the keys in

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AdvancedOptions\CRYPTO\

that registry path must exist.

On the other hand, if your OS is actuallt 32 bit the 64-bit wouldn't install.

The 32-bit version would create the:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\CRYPTO\TLS1.1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\CRYPTO\TLS1.2 

paths, that you also don't have, so maybe - and for *whatever reasons* the issue is that on your system the KB405654 didn't install properly.

Maybe there is a pre-requisite of some other updates?

jaclaz 

[terryindorset]

Can I suggest we ignore IS3 which is only relevant once inside my Flight Sim account.   

I just need to use Firefox to get into my Flight1 account which I did with W7 TLS1.2 enabled.  I then asked my account to validate IS3 which would get me 'Validated'.  
If Vista had TLS1.2 I'd see a message that said 'Validated' & the software's ready to use.  

My Vista Home Premium disc says 'This disc contains 62-bit software only.'

BUT - because you mentioned 32-bit I went on & looked at MS & IE and saw this:     I clicked that John Haller reg file earlier - has that got something to do with this ?   

 

Edited July 28, 2020 by terryindorset

[jaclaz]

Yes, you see the value:

OSversion REG_SZ 3.6.1.0.0

in HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\CRYPTO\TLS1.2?

Select it (left click), then Right click and choose Delete.

Do the same with the same value in 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\CRYPTO\TLS1.1

Then check again Internet Properties.

You can have the same effect if you merge the .reg file on https://johnhaller.com/useful-stuff/enable-tls-1.1-and-1.2-on-windows-vista

or the copy I posted here (again, it is not difficult, select the following:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\CRYPTO\TLS1.1]
"OSVersion"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\CRYPTO\TLS1.2]
"OSVersion"=-

open a new Notepad, Paste then save as modtls.reg, then merge into the Registry)

If for whatever reasons the .reg file is not registered on your machine for merging to the Registry, in Regedit File->Import->select the modtls.reg->OK)

Manually or through the .reg file, these two values:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\CRYPTO\TLS1.1\OSVersion
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\CRYPTO\TLS1.2\OSVersion

need to be deleted from your Registry in order to have TLS1.1 and TLS1.2 available in Internet Properties.

 

 

Now, let's see if I can explain to you the issue you are having.

Under Windows 7 TLS 1.2 is enabled in Internet Properties.

Nonetheless, still in Windows 7, Firefox does NOT use THAT TLS 1.2 but rather its own.

Under Vista right now you can connect with Firefox (that still use its own TLS 1.2) but then, when the Flight1.com server wants to communincate, it uses *some other* TLS 1.2 (most probably the files related to IE9/Internet Properties), and since these latter are not enabled, it gives the error.

jaclaz 

P.S.; if you have difficulties in downloading the file from http://johnhaller.com/sites/default/files/downloads/reg/vista-tls-1.1-1.2-update.reg I am attaching it inside a .zip file. extract it and merge it.

 

vista-tls-1.1-1.2-update.reg.zip

Edited July 28, 2020 by jaclaz

[siria]

Slightly unrelated side note:
TEXT screenshots and graphics with sharp borders are usually better saved in lossless png format. In most cases that makes them sharper, and filesize much smaller.
Contrary to fuzzy photo type stuff, which gets a lot smaller and smoother in JPG format.
Of course, png must be made from the original, a sharp conversion from already fuzzy jpg isn't possible.

[terryindorset]

jaclaz.............I have to go out for 3 hrs probably.

Of course neither Firefox nor IE is need to contact my accout, just the facility of TLS1.2.

I've been validating but there's still a problem as you can see in this screenshot.  I've roamed around inside my account & check the software I've bought there.  I've logged in & out with one password so Flight1 are going to have to sort this latest glitch out. 

I'll be back later & thanks for your brilliant & patient help so far!

Terry.

Edited July 28, 2020 by terryindorset
add jpg

[Vistapocalypse]

Although it seems doubtful that this issue is in any way related to Firefox, it might be helpful if OP could confirm that Firefox is selected as default browser in order to finally settle such questions.

It’s puzzling that OSVersion values are still present after using Haller’s Reg file. For future reference, greenhillmaniac of MSFN has Reg files at his Repository in the Extras folders for x64 and x86 respectively.

[jaclaz]

TOTALLY OT:

3 hours ago, siria said:

Slightly unrelated side note:
TEXT screenshots and graphics with sharp borders are usually better saved in lossless png format. In most cases that makes them sharper, and filesize much smaller.
Contrary to fuzzy photo type stuff, which gets a lot smaller and smoother in JPG format.
Of course, png must be made from the original, a sharp conversion from already fuzzy jpg isn't possible.

 

It is clear to me that we give a difference meaning to "slightly".

Anyway, if you want to go that way, meet flif:

https://flif.info/

@Vistapocalypse

I don't know, let's first see a more detailed report from OP, as he said he is not very familiar with what we consider "normal" procedures, so it is entirely possible that the johnaller's .reg didn't originally "get through" and - as an example (this actually happened once to a friend I was trying to help on the telephone) - the copy and paste via Notepad might have generated a modtls.reg.txt file, and the guy kept double ckicking on it and opening it in Notepad, telling me "it works" (because he could see its contents in Notepad) but of course it wasn't actually working and nothing was obviously added (in that case it was a Regitry addition) to the Registry.

From the last post it seems he managed to turn on successfully the TLS1.1 and TLS1.2 in Internet Properties and succeeded (or at least got past the previous error) but found another new issue (likely related to multiple logins from different PC's or *whatever*) . 

jaclaz

Edited July 28, 2020 by jaclaz

[terryindorset]

I now have to deal with Flight1 who just push things back at one & having spent 45 mins or so ressurecting an old account I discover my old purchases have numbers but not dates.

I've going to knock off after a busy afternoon as well, & pop down the road to a friend to taste malt scotch & chat about unimportant things.  Coping with Flight1 is more onerous than dealing with a 10 car pileup......

 

I am very grateful for your help & I'll get in touch again tomorrow.

Terry

[terryindorset]

I'm intrigued, who is OP?

The Haller .reg did get through, at least a windowed message announced that it had been successfully installed in exactly the same way when I clicked your .reg.  Yours was the boot up the backside !?

My older Flight1 account has 2 software items that could be related to this Flight Simulator in Vista, but neither have dates that would allow me to identify which to attempt to reinstall.  I've decided not to mess about trying to see which it is, so bought another one & that is now installed in the simulator & working smoothly.

Contact with my Flight1 account is assured now that TLS.1.1 & 1.2 is enabled in Internet Options. I can now take the computer to the friend I promised it to in time for his birthday.

Thank you for your patient help, I'm grateful to you.

Terry.

Edited July 29, 2020 by terryindorset

[jaclaz]

6 hours ago, terryindorset said:

I'm intrigued, who is OP?

It's you  . (doesn't a rose by any other name smell as sweet? ) 

OP stands for Original Poster (don't you love it when geeks use their jargon? )

6 hours ago, terryindorset said:

The Haller .reg did get through, at least a windowed message announced that it had been successfully installed in exactly the same way ...

 I don't know, maybe when you ran the Haller .reg the keys were not (yet) there because the install of the KB was not complete, or a reboot was needed or *whatever* other glitch, sometimes we can call it voodo   and carry on ignoring the actual reason, the important thing is that now everything works as it should :

6 hours ago, terryindorset said:

Contact with my Flight1 account is assured now that TLS.1.1 & 1.2 is enabled in Internet Options. I can now take the computer to the friend I promised it to in time for his birthday.

Thank you for your patient help, I'm grateful to you.

Terry. 

You are welcome

jaclaz

Edited July 29, 2020 by jaclaz