ProxHTTPSProxy and HTTPSProxy in Windows XP for future use

[AstroSkipper]

17 minutes ago, Dave-H said:

I can't comment on New Moon, but OnlyFans works fine for me in 360Chrome with the proxy switched off in the browser, and with it switched on now as well, although it takes longer to load.
As discussed before, onlyfans.com* has to be added to the [SSL Pass-Thru] section in the proxy config.ini, otherwise it doesn't work, but there seems to be no intrinsic problem with working through the proxy.

Although a little off-topic, the joke of the whole story is that OnlyFans runs much faster and better in New Moon 28 than in 360Chrome on my old Windows XP computer. And I mean that natively without ProxHTTPSProxy. 

[UCyborg]

Because Chromium isn't designed for very old hardware and very old OS. Though to be fair, the browser New Moon is forked from isn't either, MCP is just slow at advancing it. But in other cases, even few years old Chromium versions run circles around all legacy Mozilla forks combined, as far as average raw performance is concerned.

[UCyborg]

That said, I suspect Pale Moon will remain compatible with Windows 7 for quite some time to come. They're not bent on copying Mozilla/Google and I suspect they don't need to rely on fancy sandboxing techniques and the like anytime soon. A fair balance IMO. Though integration with modern OS' notification systems and lock screens would be a nice touch. Mozilla Firefox can show media playback controls both on Windows 10's lock screen and certain modern Linux distros' desktops lock screen as well + on its running program button in the "taskbar" (quotes 'cause they probably use other term for it).

I'd suspect even if they were willing to implement any of these, they'd be lower on the priority list. I'd bump the notifications higher, they're similar to those disappearing balloons Microsoft had for the longest time. These balloons are so 2001, what's the point of having them if you can miss them?

Edited September 3, 2023 by UCyborg

[AstroSkipper]

FYI, I checked the root cerificates for updates and noticed this:



At first glance, it looks like the disallowedcert.sst (revoked certificates) file has been updated. I downloaded it and compared it with the previous version. The contents of the two files are the same. The only thing that has been changed is the file date and timestamp on the server. So, nothing new in the West. 

Cheers, AstroSkipper 

[FranceBB]

2 hours ago, AstroSkipper said:

At first glance, it looks like the disallowedcert.sst (revoked certificates) file has been updated. I downloaded it and compared it with the previous version. The contents of the two files are the same. The only thing that has been changed is the file date and timestamp on the server. So, nothing new in the West.

I saw it too but I just thought "Uh, it's been updated" and I was too lazy to actually check xD

Thank you for letting us know.  

[WSC4]

For the last week, I have been experiment with the first page on this.

11.2.1. Downloads related to the TLS 1.2 proxies

11.2.2. Downloads related to the TLS 1.3 proxies

I got TLS 1.2 proxies working and was able to open Windows Update.  However, clicking the Express or Custom buttons would not load.  I then installed the TLS 1.3 proxies and PopMenu TLS 1.3 3V3 but these would not install at all.  I think it is an XP 64-bit problem.  I read through the page again and saw this:

Due to support of SHA1 for signing certificates ProxHTTPSProxyMII 1.3a can be used in a Windows XP Professional x64 system to access MU successfully. More recent versions use SHA256 to sign certificates and fail while accessing MU. But that also means ProxHTTPSProxyMII 1.3a is not secure and should only be used if there is no other option.

I am running XP Professional x64.  Does that mean I am stuck with only ProxHTTPSProxyMII 1.3a in the 11.1. Archived Downloads {obsolete} section?

[AstroSkipper]

3 hours ago, WSC4 said:

I am running XP Professional x64.  Does that mean I am stuck with only ProxHTTPSProxyMII 1.3a in the 11.1. Archived Downloads {obsolete} section?

I have never been using Windows XP Professional x64. Therefore, I cannot report from my own experience. As you already read in my article, this OS doesn't support SHA256 to sign certificates. Thus, I fear you are stuck with only ProxHTTPSProxyMII 1.3a when accessing MU/WU. For more detailed information in terms of your OS, you should contact @maile3241. He got it working under Windows XP Professional x64. BTW, there are other options to update your OS. I listed them in my thread 'General and specific solutions for problems regarding AU/WU/MU in Windows XP'. Have a look here: 

 

Edited November 8, 2023 by AstroSkipper
Update of content

[WSC4]

Hello AstroSkipper,

Thank you for your reply on this and for all your help.  Greatly appreciated.  I am still working on it and studying it and found his posts On decommissioning of update servers for 2000, XP, (and Vista?) as of July 2019.

On a completely different note and off topic, I found some information on your first page about Area of application for ProxHTTPSProxy or HTTPSProxy.  You mention:

Some e-mail clients like eM Client or Eudora are using IE engine too.

I was just wondering if your proxies can be used for the Microsoft Outlook client in some way please?

Edited November 14, 2023 by WSC4

[AstroSkipper]

13 hours ago, WSC4 said:

I was just wondering if your proxies can be used for the Microsoft Outlook client in some way please?

Hello @WSC4! Do you mean Microsoft Outlook or Outlook Express? Both email clients are very old now and totally unsupported in Windows XP. Therefore, I assume they won't work with most email providers like Gmail and others in these days due to the lack of Oauth2 and other modern security implementations even if a TLS 1.2 connection to these services could be successfully established via ProxHTTPSProxy. My favourite email client for Windows XP is MailNews which works with all my used email services. These more recent email clients come with their own TLS protocols and ciphers which provide TLS 1.2 functionality at least. Using such clients means that ProxHTTPSProxy isn't needed then. 

Edited November 14, 2023 by AstroSkipper
Update of content

[AstroSkipper]

@WSC4 Generally spoken, you can only connect those old programmes to external servers via ProxHTTPSProxy which use the IE engine or offer own settings to connect completely via a local proxy. Or you try to connect to ProxHTTPSProxy via SocksCap64. Have a look here: 

Cheers, AstroSkipper 

Edited November 14, 2023 by AstroSkipper

[WSC4]

Thanks for your info on this, AstroSkipper.

It is Microsoft Outlook 2007 which is bundled with Office Professional 2007.  Yes, it is old I guess, but I'm use to it.

As a matter of fact, it does work with Gmail with either POP3 or IMAP set.  No problems to send and receive.  It uses SSL and TLS.  Unfortunately, I cannot get outlook.com (outlook.live.com) to work.  They say their setting are:

IMAP server:  outlook.office365.com

IMAP port:  993

IMAP encryption:  TLS

SMTP server name:  smtp-mail.outlook.com

SMTP port:  587

SMTP encryption:  STARTTLS

I am now reading articles that beginning December 1, 2022, Microsoft will begin turning off the Transport Layer Security (TLS) 1.0 and 1.1 protocols for POP3 and IMAP4 and enforce the use of TLS 1.2.

I would say that is the reason I cannot connect.  Especially with XP 64-bit and no POSReady updates. :-(

[AstroSkipper]

10 hours ago, WSC4 said:

I am now reading articles that beginning December 1, 2022, Microsoft will begin turning off the Transport Layer Security (TLS) 1.0 and 1.1 protocols for POP3 and IMAP4 and enforce the use of TLS 1.2.

Check on the website https://browserleaks.com/ssl which TLS protocols and ciphers are supported by ProxHTTPSProxyMII 1.3a! I personally never used it. Therefore, I don't know which TLS protocols and ciphersuites are offered by this old version. 

Edited November 15, 2023 by AstroSkipper

[WSC4]

OK.  I put in browserleaks.com in config.ini just under [SSL No-Verify].  I also put it into IE trusted sites.  Was that the correct thing to do?  IE 8 displays this:

[AstroSkipper]

2 hours ago, WSC4 said:

OK.  I put in browserleaks.com in config.ini just under [SSL No-Verify].  I also put it into IE trusted sites.  Was that the correct thing to do?  IE 8 displays this:

Not really.  Actually, you do not need to add browserleaks.com anywhere. So, why did you do that?  Anyway! Please, remove these entries! If ProxHTTPSProxyMII 1.3a has been configured correctly, entered as a proxy in IE and started, it should work immediately when calling up browserleaks.com in IE.  In any case, the website must not show n/a (no js). Your current settings block JavaScript on this website. No good.  All SSL connections should be processed by ProxHTTPSProxyMII. You should only modify the config.ini file if you really know what you are doing and for what reason. Otherwise, the proxy won't work as expected due to misconfigurations. 

Edited November 16, 2023 by AstroSkipper
Update of content

[AstroSkipper]

4 hours ago, AstroSkipper said:

Not really.  Actually, you do not need to add browserleaks.com anywhere. So, why did you do that?  Anyway! Please, remove these entries! If ProxHTTPSProxyMII 1.3a has been configured correctly, entered as a proxy in IE and started, it should work immediately when calling up browserleaks.com in IE.  In any case, the website must not show n/a (no js). Your current settings block JavaScript on this website. No good.  All SSL connections should be processed by ProxHTTPSProxyMII. You should only modify the config.ini file if you really know what you are doing and for what reason. Otherwise, the proxy won't work as expected due to misconfigurations. 

Generally, everything I said in my last post applies. But unfortunately not for https://browserleaks.com/tls which does not work properly with ProxHTTPSProxyMII 1.3a due to certificate problems. I have just tested it. As we already know, this old proxy supports only SHA1 for signing certificates but not SHA256. For browserleaks.com, you need a more recent version of ProxHTTPSProxy and a more recent browser. No full functionality in IE8 anymore. Therefore, forget about https://browserleaks.com/tls and try https://www.ssllabs.com/ssltest/viewMyClient.html! Here is a screenshot accessing https://www.ssllabs.com/ssltest/viewMyClient.html with ProxHTTPSProxyMII 1.3a and IE8:



This service works with the old ProxHTTPSProxyMII 1.3a. As you can see, the old proxy already supports the TLS 1.2 protocol. Therefore, it should work with MU/WU. But one thing is clear: ProxHTTPSProxyMII 1.3a is obsolete and won't work properly with many sites in these days.

Cheers, AstroSkipper

Edited November 16, 2023 by AstroSkipper
Update of content