
Microsoft expiring SHA-1 updates; Will this kill XP?



17 hours ago, kuja killer said:

So, this forum is going to stop working for us all once that day arrives, if I understand correctly?? :( I only use Firefox 52.9.1 - I'm real worried. :(

Highly unlikely that this forum will stop working.

  • Like 1
Link to post

Posted (edited)

@Dixel Do you believe there is some (other) way we might obtain the certificates without having to take them from a 7/8/10 machine?

Thank you for your assistance and insight on this :)

And.. apparently I didn't ask politely enough the first time re this oh-so elusive and super secret: Server 2003 SHA-2 update (that I can not find anywhere?!?!?)

On 5/2/2021 at 8:55 AM, XPerceniol said:

I've been searching around the forum(s) and can't locate this update - would you kindly point me in the direction of where to obtain it? Thank you.

**pretty please w cherries whipped cream and mocha topping**

EDIT: after reading and reading and reading some more.. It appears this (so called) update might be a moot point anyway.

 

Edited by XPerceniol
  • Like 1
Link to post
Posted (edited)

Thanks Dave ... ugh ... I thought I was up to date. I don't know what I'm missing?

Edited by XPerceniol
Link to post
Posted (edited)

(Edit: Please refer to the next post.)

Attention! Changing the date to 7th of May doesn't show any problems. Changing it to 11th of May (two days after SHA1 certificates have expired) does bring up the SEC_ERROR_OCSP_OLD_RESPONSE, if "Use OCSP to confirm the current validity of certificates" is activated in the New Moon browser (refer to my previous post for further info).

Yes, it's correct that having a wrong date leads to HTTPS connection problems. But that is probably because of the actual HTTPS certificates, which are called "valid" for a specific period of time. Have a look at your HTTPS certificates in New Moon under Tools - Preferences - Advanced - Certificates - View Certificates, and double-click on one. They have a "Begins On" and an "Expires On" date. Winding the BIOS clock back once a year might get XP-SP2 users out of trouble for now, but it's not a long-term solution and probably other programs will not work properly either with a wrong date.

As can be seen in the post of @Sampei.Nihira, having the XP system updated works. I don't like that fact either, but I think I'll risk it and try it out on the odd Pentium 3. The reason is these thousand reports that especially later updates slow the older OS down, because Microsoft-Monopoly wants to make the legacy systems look bad. I'll clone my hard drive before going to SP3! And if this performs well on this weak, 20-year-old computer, your computers should be fine too. More tests to follow...

@XPerceniol By the way, my rsaenh.dll of SP2 has version number 5.1.2600.2161, so it's older than yours.

Edited by Gansangriff
New tests showed new results. Please continue with the next post.
  • Like 1
Link to post
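
The date checks described in the post above, as an added example that is not part of the original thread: a client compares its local clock with the certificate's "Begins On"/"Expires On" dates and, when OCSP checking is enabled, with the OCSP response's thisUpdate/nextUpdate window. All dates are constructed, the 24-hour tolerance is an assumption, and the result names are this example's own labels, not browser error codes.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

# Assumed tolerance for clock skew on OCSP timestamps; real clients pick their own.
OCSP_SLACK = timedelta(hours=24)

@dataclass
class Cert:
    not_before: datetime   # shown as "Begins On" in the certificate viewer
    not_after: datetime    # shown as "Expires On"

@dataclass
class OcspResponse:
    this_update: datetime  # when the responder produced this status
    next_update: datetime  # when the responder promises newer information

def time_checks(clock, cert, ocsp=None, slack=OCSP_SLACK):
    """Return the time-related failures seen when the local clock reads `clock`.

    Pass ocsp=None to model a browser with OCSP checking switched off.
    """
    problems = []
    if clock < cert.not_before:
        problems.append("CERT_NOT_YET_VALID")
    elif clock > cert.not_after:
        problems.append("CERT_EXPIRED")
    if ocsp is not None:
        if clock + slack < ocsp.this_update:
            problems.append("OCSP_RESPONSE_FROM_FUTURE")
        elif clock > ocsp.next_update + slack:
            problems.append("OCSP_RESPONSE_TOO_OLD")
    return problems

# Constructed sample: the server and OCSP responder run on real time
# (early May 2021); only the client's clock is moved around.
SAMPLE_CERT = Cert(datetime(2021, 3, 1), datetime(2021, 5, 30))
SAMPLE_OCSP = OcspResponse(datetime(2021, 5, 1), datetime(2021, 5, 8))

def survey(clocks, cert=SAMPLE_CERT, ocsp=SAMPLE_OCSP):
    """Map each clock setting to (failures with OCSP on, failures with OCSP off)."""
    return {c.date().isoformat(): (time_checks(c, cert, ocsp), time_checks(c, cert))
            for c in clocks}

if __name__ == "__main__":
    clocks = [datetime(2020, 5, 7), datetime(2021, 5, 7),
              datetime(2021, 5, 11), datetime(2021, 6, 15)]
    for day, (ocsp_on, ocsp_off) in survey(clocks).items():
        print(f"{day}  OCSP on: {ocsp_on or 'OK'}  OCSP off: {ocsp_off or 'OK'}")
```

With these sample values, a clock wound back a year fails on the certificate's start date whether or not OCSP is enabled, while a clock moved a few days forward fails only the OCSP freshness check.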
5 hours ago, XPerceniol said:

And.. apparently I didn't ask politely enough the first time re this oh-so elusive and super secret: Server 2003 SHA-2 update (that I can not find anywhere?!?!?)

**pretty please w cherries whipped cream and mocha topping**

EDIT: after reading and reading and reading some more.. It appears this (so called) update might be a moot point anyway.

Just to be clear, and even though it may indeed be a moot point anyway, are you looking for KB968730 for Server 2003? 

If so...

On 4/28/2021 at 12:51 PM, erpdude8 said:

WinXP X64 is based on the Server 2003 kernel (NT 5.2), so you need the Server 2003 version of the hotfix if you are running XP x64.
If you need any version of the KB968730 hotfix, look on Thehotfixshare site.

If you scroll down the page, both the x86 and x64 versions are available for Server 2003. 

  • Like 1
Link to post

KB2868626 contains version 5.131.2600.6459 of crypt32.dll, which is the one I've got.
It also contains version 5.1.2600.6459 of xpsp4res.dll.
My version of xpsp4res.dll is 5.1.2600.7651 however, so where would that have come from?
Presumably a later "SP4" update, as it's only the "Service Pack 4 Messages" dll.
:dubbio:

Link to post
Posted (edited)

Wow... this is odd. Somehow I've got xpsp4res.dll 5.1.2600.7208 - not a clue where I picked up that one?


Edited by XPerceniol
Link to post
5 hours ago, Gansangriff said:

...I'll clone my hard drive before going to SP3! And if this performs well on this weak, 20-year old computer, your computers should be fine too. More tests to follow...

Sounds like a plan - I have several images on flash drives (Acronis True Image) in case things go wonky at some point.

I really wish I knew how to direct you to this mysterious sp4 that some of us have; but I'm not even (completely) sure how I wound up with it. I *don't think* it was intentional on my part - perhaps the posready had something to do with this, but I don't know that "trick" would even work anymore.

Good luck with your testing.

Link to post

Please be clear, there is no Service Pack 4 for Windows XP!
There's nothing to find.
All that happened, as far as I know, is that some later XP updates were installed as "SP4" updates on systems, but only in that their registry entries are listed under "SP4", and the xpsp4res.dll "Service Pack 4 Messages" file was installed.
That almost certainly means that there was going to be a Service Pack 4 for XP at one time, but for whatever reason, Microsoft decided not to press ahead with it and issue it as an installable component.
:)

Link to post
Posted (edited)
8 hours ago, Dave-H said:

My rsaenh.dll is version 5.1.2600.7345.
:)

This version of rsaenh.dll is included in the KB4459091 update for XP Embedded (you need the POSReady reg hack to install it on other XP x86 editions).
You also need to update the schannel.dll file (KB4459091 has 5.1.2600.7567 of that DLL file).

Edit - also read the following from this MS forum thread:

Quote

I have also verified that kb2868626 also supports SHA-2, but it is not explicitly stated.

So KB968730 is not really needed at all, as newer updates include it.

 

Edited by erpdude8
  • Like 1
Link to post

Thanks, yes I have those versions of both files.
Good to know where they came from!
:yes:

  • Like 1
Link to post

Thank you, now I know at least where to get it and will (try to) install KB4459091 (I am missing that one for some reason) tomorrow as I'm 'brain-dead' atm ... I feel like a blobfish :(

https://www.catalog.update.microsoft.com/search.aspx?q=KB4459091

Apparently I've been rolling with:

schannel.dll file 5.1.2600.6926 (xpsp_sp3_qfe.150921-2029)

rsaenh.dll 5.1.2600.6924 (xpsp_sp3_qfe.150918-0613)

Even though I'm posready.

Have a great day/evening everyone.

 

Link to post

So to get around this, we would just be adding SHA-2 support to XP? Seems like that would fix any issues.

What concerns me is if this will break existing Microsoft Update files and such, since they are SHA1 signed by Microsoft. Does anyone know if existing files signed in SHA1 will expire on this date? Still may be too close to find any differences right now between signed and not signed. 

Link to post