Beyond TLS 1.0: what could be done?

Windows XP Professional Update Pack discussion.
Post Reply
User avatar
david.lynch
Posts: 12
Joined: Mon Dec 26, 2011 7:27 pm

Beyond TLS 1.0: what could be done?

Post by david.lynch » Sun Jul 31, 2016 6:20 pm

As a lot of websites are moving to TLS 1.2 as cryptographic protocol, I'm looking for a patch or any method for Windows XP to support TLS 1.1 and 1.2.

An example: https://cointelegraph.com/

I've even tried to replace XP's schannel.dll with the most updated one from Server 2008 x86 version, which doesn't work.

Any help would be greatly apreaciated!

Image

User avatar
5eraph
Site Admin
Posts: 4618
Joined: Tue Jul 05, 2005 9:38 pm
Location: Riverview, MI USA

Post by 5eraph » Sun Jul 31, 2016 7:27 pm

All I can suggest at the moment is to try Firefox. Still works under XP, and displays that website without incident.

User avatar
david.lynch
Posts: 12
Joined: Mon Dec 26, 2011 7:27 pm

Post by david.lynch » Sun Jul 31, 2016 7:44 pm

5eraph wrote:All I can suggest at the moment is to try Firefox. Still works under XP, and displays that website without incident.
Thank you, 5eraph. We all owe you a lot here.

...unfortunately many other online resources are stopping to work, as they rely on functionality provided by Windows and not by an alternative web browser...

User avatar
vioplujjnsjzfg
Posts: 129
Joined: Mon Jul 07, 2008 12:07 pm

Post by vioplujjnsjzfg » Wed Sep 21, 2016 4:55 am

SRWare Iron version 39 (specifically 39, higher versions include proprietary codecs and further ways google tracks you)

+

Disconnect.ME

+

Chameleon from Gh0stwords

+

AdBlockPlus

+

The following shortcut switch

--allow-outdated-plugins --ppapi-flash-path=X:\PepperFlashDirectory\pepflashplayer.dll --user-agent="Insert latest Windows chrome generic user agent here"


X= whatever drive letter you use

+

Turn on the "click to play" option in irons settings for plugins.


Finally, always keep a blank " " (space) copied to your clipboard when surfing that is copied from the run box and not the browser.


The above combo i've found is the best way to go and still has good compatibility with most sites and is very fast.
Last edited by vioplujjnsjzfg on Wed Sep 21, 2016 12:37 pm, edited 1 time in total.

User avatar
vioplujjnsjzfg
Posts: 129
Joined: Mon Jul 07, 2008 12:07 pm

Post by vioplujjnsjzfg » Wed Sep 21, 2016 12:23 pm

Updated my above comment with a little bit more info.

Also, one final suggestion is to have generic user account names in XP and don't upload from any specific named folder names.

For instance when checking files using virustotal.com

Use it in good health and don't visit sites you know little about.

Zephyr
Posts: 42
Joined: Sun Nov 22, 2015 4:53 pm
Location: London

Re:

Post by Zephyr » Sat Dec 10, 2016 6:58 am

david.lynch wrote: ...unfortunately many other online resources are stopping to work, as they rely on functionality provided by Windows and not by an alternative web browser...
In my experience the only problem of this nature occurs when using the last version of Chromium that supported XP which is 49.0.2623.23. Apparently Chromium depends on libraries supplied by the OS for elliptical curve cryptography which means in practice that certain https sites are not available under XP.

Incidentally, the portable Chromium available at Sourceforge does not have the white screen problem with version 49.0.2623.23.
XP FOREVER!

Zephyr
Posts: 42
Joined: Sun Nov 22, 2015 4:53 pm
Location: London

Re: Beyond TLS 1.0: what could be done?

Post by Zephyr » Sat Dec 10, 2016 7:11 am

Here are lists of the cipher suites supported by various XP compatible browsers. From these lists it should be obvious that lack of native TLS 1.2 support in XP is not a problem if you do not intend to use Internet Explorer.

SEAMONKEY
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 (0xc02b)   Forward Secrecy 128
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f)   Forward Secrecy 128
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA (0xc00a)   Forward Secrecy 256
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA (0xc009)   Forward Secrecy 128
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013)   Forward Secrecy 128
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014)   Forward Secrecy 256
TLS_DHE_RSA_WITH_AES_128_CBC_SHA (0x33)   Forward Secrecy 128
TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x39)   Forward Secrecy 256
TLS_RSA_WITH_AES_128_CBC_SHA (0x2f) 128
TLS_RSA_WITH_AES_256_CBC_SHA (0x35) 256
TLS_RSA_WITH_3DES_EDE_CBC_SHA (0xa) 112

CHROMIUM
OLD_TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 (0xcc13)   Forward Secrecy
256OLD_TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 (0xcc15)   Forward Secrecy
256TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f)   Forward Secrecy
128TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 (0x9e)   Forward Secrecy
128TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014)   Forward Secrecy
256TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x39)   Forward Secrecy
256TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013)   Forward Secrecy
128TLS_DHE_RSA_WITH_AES_128_CBC_SHA (0x33)   Forward Secrecy
128TLS_RSA_WITH_AES_128_GCM_SHA256 (0x9c)128TLS_RSA_WITH_AES_256_CBC_SHA (0x35)256TLS_RSA_WITH_AES_128_CBC_SHA (0x2f)128TLS_RSA_WITH_3DES_EDE_CBC_SHA (0xa)112TLS_EMPTY_RENEGOTIATION_INFO_SCSV (0xff)-(1)

MIDORI
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 (0xc02b) Forward Secrecy 128
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 (0xc02c) Forward Secrecy 256
TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 (0xc086) Forward Secrecy 128
TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384 (0xc087) Forward Secrecy 256
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA (0xc009) Forward Secrecy 128
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 (0xc023) Forward Secrecy 128
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA (0xc00a) Forward Secrecy 256
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 (0xc024) Forward Secrecy 256
TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 (0xc072) Forward Secrecy 128
TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 (0xc073) Forward Secrecy 256
TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA (0xc008) Forward Secrecy 112
TLS_ECDHE_ECDSA_WITH_RC4_128_SHA (0xc007) INSECURE 128
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f) Forward Secrecy 128
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xc030) Forward Secrecy 256
TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256 (0xc08a) Forward Secrecy 128
TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384 (0xc08b) Forward Secrecy 256
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013) Forward Secrecy 128
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (0xc027) Forward Secrecy 128
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014) Forward Secrecy 256
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (0xc028) Forward Secrecy 256
TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 (0xc076) Forward Secrecy 128
TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384 (0xc077) Forward Secrecy 256
TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA (0xc012) Forward Secrecy 112
TLS_ECDHE_RSA_WITH_RC4_128_SHA (0xc011) INSECURE 128
TLS_RSA_WITH_AES_128_GCM_SHA256 (0x9c) 128
TLS_RSA_WITH_AES_256_GCM_SHA384 (0x9d) 256
TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256 (0xc07a) 128
TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384 (0xc07b) 256
TLS_RSA_WITH_AES_128_CBC_SHA (0x2f) 128
TLS_RSA_WITH_AES_128_CBC_SHA256 (0x3c) 128
TLS_RSA_WITH_AES_256_CBC_SHA (0x35) 256
TLS_RSA_WITH_AES_256_CBC_SHA256 (0x3d) 256
TLS_RSA_WITH_CAMELLIA_128_CBC_SHA (0x41) 128
TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 (0xba) 128
TLS_RSA_WITH_CAMELLIA_256_CBC_SHA (0x84) 256
TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 (0xc0) 256
TLS_RSA_WITH_3DES_EDE_CBC_SHA (0xa) 112
TLS_RSA_WITH_RC4_128_SHA (0x5) INSECURE 128
TLS_RSA_WITH_RC4_128_MD5 (0x4) INSECURE 128
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 (0x9e) Forward Secrecy 128
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 (0x9f) Forward Secrecy 256
TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256 (0xc07c) Forward Secrecy 128
TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384 (0xc07d) Forward Secrecy 256
TLS_DHE_RSA_WITH_AES_128_CBC_SHA (0x33) Forward Secrecy 128
TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 (0x67) Forward Secrecy 128
TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x39) Forward Secrecy 256
TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 (0x6b) Forward Secrecy 256
TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA (0x45) Forward Secrecy 128
TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 (0xbe) Forward Secrecy 128
TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA (0x88) Forward Secrecy 256
TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 (0xc4) Forward Secrecy 256
TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA (0x16) Forward Secrecy 112
TLS_DHE_DSS_WITH_AES_128_GCM_SHA256 (0xa2) Forward Secrecy2 128
TLS_DHE_DSS_WITH_AES_256_GCM_SHA384 (0xa3) Forward Secrecy2 256
TLS_DHE_DSS_WITH_CAMELLIA_128_GCM_SHA256 (0xc080) Forward Secrecy2 128
TLS_DHE_DSS_WITH_CAMELLIA_256_GCM_SHA384 (0xc081) Forward Secrecy2 256
TLS_DHE_DSS_WITH_AES_128_CBC_SHA (0x32) Forward Secrecy2 128
TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 (0x40) Forward Secrecy2 128
TLS_DHE_DSS_WITH_AES_256_CBC_SHA (0x38) Forward Secrecy2 256
TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 (0x6a) Forward Secrecy2 256
TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA (0x44) Forward Secrecy2 128
TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256 (0xbd) Forward Secrecy2 128
TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA (0x87) Forward Secrecy2 256
TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256 (0xc3) Forward Secrecy2 256
TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA (0x13) Forward Secrecy2 112
TLS_DHE_DSS_WITH_RC4_128_SHA (0x66) INSECURE 128

LIGHT (FIREFOX)
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 (0xc02b)   Forward Secrecy 128
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f)   Forward Secrecy 128
TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 (0xcca9)   Forward Secrecy 256
TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 (0xcca8)   Forward Secrecy 256
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 (0xc02c)   Forward Secrecy 256
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xc030)   Forward Secrecy 256
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA (0xc00a)   Forward Secrecy 256
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA (0xc009)   Forward Secrecy 128
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013)   Forward Secrecy 128
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014)   Forward Secrecy 256
TLS_RSA_WITH_AES_128_CBC_SHA (0x2f) 128
TLS_RSA_WITH_AES_256_CBC_SHA (0x35) 256
TLS_RSA_WITH_3DES_EDE_CBC_SHA (0xa) 112

PALE MOON
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 (0xc02b) Forward Secrecy 128
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f) Forward Secrecy 128
TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 (0xc086) Forward Secrecy 128
TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256 (0xc08a) Forward Secrecy 128
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA (0xc00a) Forward Secrecy 256
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA (0xc009) Forward Secrecy 128
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013) Forward Secrecy 128
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014) Forward Secrecy 256
TLS_DHE_RSA_WITH_AES_128_CBC_SHA (0x33) Forward Secrecy 128
TLS_DHE_DSS_WITH_AES_128_CBC_SHA (0x32) Forward Secrecy2 128
TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA (0x45) Forward Secrecy 128
TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x39) Forward Secrecy 256
TLS_DHE_DSS_WITH_AES_256_CBC_SHA (0x38) Forward Secrecy2 256
TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA (0x88) Forward Secrecy 256
TLS_RSA_WITH_AES_128_CBC_SHA (0x2f) 128
TLS_RSA_WITH_CAMELLIA_128_CBC_SHA (0x41) 128
TLS_RSA_WITH_AES_256_CBC_SHA (0x35) 256
TLS_RSA_WITH_CAMELLIA_256_CBC_SHA (0x84) 256
TLS_RSA_WITH_RC4_128_SHA (0x5) INSECURE 128

You can test your own browser for TLS/SSL capabilities by going to https://www.ssllabs.com
XP FOREVER!

Zephyr
Posts: 42
Joined: Sun Nov 22, 2015 4:53 pm
Location: London

Re: Beyond TLS 1.0: what could be done?

Post by Zephyr » Sat Dec 10, 2016 7:17 am

david.lynch wrote:I've even tried to replace XP's schannel.dll with the most updated one from Server 2008 x86 version, which doesn't work.
I tried replacing XP's schannel.dll with the one available for Reactos which does support TLS 1.2, but I only managed to screw up my system. It ought to be possible to use the source code for the Reactos schannel.dll and perhaps Wine libraries to make a replacement for the XP schannel.dll, but not being a programmer I do not know how realistic this would be.
XP FOREVER!

Dibya
Posts: 456
Joined: Sat Sep 12, 2015 9:34 am
Location: India

Re: Beyond TLS 1.0: what could be done?

Post by Dibya » Sat Dec 24, 2016 10:08 am

any one can provide me schannel.dll of srv2k8?

Zephyr
Posts: 42
Joined: Sun Nov 22, 2015 4:53 pm
Location: London

Re: Beyond TLS 1.0: what could be done?

Post by Zephyr » Tue Feb 06, 2018 4:27 am

Microsoft have released an update to add support for TLS 1.1 and TLS 1.2 in Windows Server 2008 SP2 and Windows Embedded POSReady 2009 on 16/10/2017. The file name of the package for POSREADY 2009 is windowsxp-kb4019276-x86-embedded-enu.exe. Here is the knowledge base article that details how to make the registry changes to enable TLS 1.1 and 1.2:

https://support.microsoft.com/en-us/hel ... in-windows

I am not sure how this patch could be useful considering that only Microsoft applications use the OS cryptographic libraries, while all the third party browsers and email clients have built-in support for TLS 1.1 and TLS 1.2. I would love to have these more advanced protocols enabled in Outlook Express because it was the greatest email client ever produced, but unless someone can find a way of hacking the msimn.exe this will be an impossible dream. There is, of course. OE Classic which copies much of the GUI and functionality of OE, but it still does not support IMAP accounts.
XP FOREVER!

User avatar
mockingbird
Posts: 97
Joined: Wed Oct 17, 2012 4:28 pm

Re: Beyond TLS 1.0: what could be done?

Post by mockingbird » Tue Feb 06, 2018 1:54 pm

Zephyr wrote:
Tue Feb 06, 2018 4:27 am
I am not sure how this patch could be useful considering that only Microsoft applications use the OS cryptographic libraries, while all the third party browsers and email clients have built-in support for TLS 1.1 and TLS 1.2. I would love to have these more advanced protocols enabled in Outlook Express because it was the greatest email client ever produced, but unless someone can find a way of hacking the msimn.exe this will be an impossible dream. There is, of course. OE Classic which copies much of the GUI and functionality of OE, but it still does not support IMAP accounts.
Some apps force an IE browser window for logging on, so it could be very useful for that scenario.

Personally, I leave IE at 6.x on my XP x64 machine since I have no use for it. Some old apps break if anything higher than 6.x is installed.

User avatar
bphlpt
Posts: 1350
Joined: Sat Apr 19, 2008 1:11 am

Re: Beyond TLS 1.0: what could be done?

Post by bphlpt » Tue Feb 06, 2018 3:37 pm

mockingbird wrote:
Tue Feb 06, 2018 1:54 pm
Personally, I leave IE at 6.x on my XP x64 machine since I have no use for it. Some old apps break if anything higher than 6.x is installed.
If possible, it might be useful to some if you could post a list of apps that work correctly if IE6.x is installed and break if IE8.x+ is installed. Or, someone might be able to figure out how to make them work with IE8.x. Just a thought.

Cheers and Regards

Zephyr
Posts: 42
Joined: Sun Nov 22, 2015 4:53 pm
Location: London

Re: Beyond TLS 1.0: what could be done?

Post by Zephyr » Sat Sep 15, 2018 7:05 am

There has been an update for POSREADY 2009 that enables TLS 1.1 and TLS 1.2 support in XP, but first you need the the POSREADY 2009 registry hack to install:

Code: Select all

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\WindowsEmbedded\ProductVersion]
"FeaturePackVersion"="SP3"

[HKEY_LOCAL_MACHINE\SYSTEM\WPA\WEPOS]
"Installed"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\WPA\WES]
"Installed"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\WPA\PosReady]
"Installed"=dword:00000001
Copy and paste into a text editor and save with .reg file ending. Execute to add new values to registry.

To add TLS 1.1 and TLS 1.2 support to XP obtain kb4019276 from the Microsoft Update Catalogue and install and reboot. To activate make the following modifications to the registry:

Code: Select all

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Client]
"DisabledByDefault"=dword:00000000
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Server]
"DisabledByDefault"=dword:00000000
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client]
"DisabledByDefault"=dword:00000000
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server]
"DisabledByDefault"=dword:00000000
"Enabled"=dword:00000001
TLS 1.1 and TLS 1.2 support to Internet Explorer 8 was introduced with the Cumulative Security Update for Internet Explorer 8 for WES09 and POSReady 2009 (KB4316682) and all subsequent cumulative security updates including KB4230450, KB4339093, KB4343205, and KB4457426. To display tick boxes for TLS 1.1 and TLS 1.2 in advanced options in IE8 make the following registry modifications:

Code: Select all

Windows Registry Editor Version 5.00
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\CRYPTO\TLS1.1]
"OSVersion"="3.5.1.0.0"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\CRYPTO\TLS1.2]
"OSVersion"="3.5.1.0.0" 
It may be necessary to uncheck uncheck both "Check for publisher's certificate revocation", and "Check for server certificate revocation" in Tools>Options>Advanced. In the unlikely event that you intend to use IE8 for browsing remember to restore these settings to their default.
XP FOREVER!

User avatar
dencorso
Posts: 57
Joined: Sat Mar 02, 2013 4:06 pm
Location: Brazil

Re: Beyond TLS 1.0: what could be done?

Post by dencorso » Sun Sep 16, 2018 12:28 am

Warning! For the POSReady2009 hack, delete from that .reg file the following lines:

Code: Select all

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\WindowsEmbedded\ProductVersion]
"FeaturePackVersion"="SP3"
They don't work anymore, and actually nowadays prevent MU/WU from working. Except for that, I second the suggestions in the post above this.

User avatar
5eraph
Site Admin
Posts: 4618
Joined: Tue Jul 05, 2005 9:38 pm
Location: Riverview, MI USA

Re: Beyond TLS 1.0: what could be done?

Post by 5eraph » Mon Sep 17, 2018 8:35 pm

Thank you, Zephyr. I have verified that the "OSVersion" registry entries work in IE8 when added at T-13 in an unattended XP install.

dencorso is correct. In fact, the only necessary entry for the POSReady2009 hack to work with MU and update package installers is the last one.

Post Reply