Upgrading IE8 to TLS 1.2

Windows XP Professional Update Pack discussion.
Post Reply
Posts: 1
Joined: Tue Nov 04, 2014 3:50 pm
Location: Vancouver

Upgrading IE8 to TLS 1.2

Post by wanman » Wed Nov 12, 2014 2:40 pm

With the vulnerabilities in SSL, I find sites now rejecting IE8 browsers. Has anyone found a way to add TLS 1.2 security to IE8? Maybe the recent MS14-066 patch could be used.

User avatar
Site Admin
Posts: 4621
Joined: Tue Jul 05, 2005 9:38 pm
Location: Riverview, MI USA

Post by 5eraph » Wed Nov 12, 2014 3:35 pm

Seems to me that rsaenh.dll needs to be updated, as was the case for Win2003 and XPx64 (KB948963). That update doesn't add TLS 1.1 or 1.2, though.
  • Image

User avatar
Posts: 703
Joined: Tue Aug 21, 2007 8:06 am

Post by Outbreaker » Wed Nov 12, 2014 4:03 pm

I also think that the Heartbleed bug is a Server side vulnerabilitie and not really a Client side vulnerabilitie.

Posts: 4
Joined: Wed Apr 01, 2015 4:13 am

Post by schmatzler » Thu Apr 02, 2015 4:26 am

According to ssllabs, IE8 on XP works only with TLS 1.0, and it even needs a weak cipher, TLS_RSA_WITH_3DES_EDE_CBC_SHA.

That cipher isn't activated on every server out there anymore. You are better off using a different browser on XP, e.g. Palemoon.

Posts: 106
Joined: Sun Nov 22, 2015 4:53 pm
Location: London

Post by Zephyr » Mon Aug 08, 2016 3:39 pm

TLS 1.2 security has to be provided by the Windows system libraries for cyptographic functions if you intend to use Internet Explorer, which means using Windows 7 or above. I have not yet encountered an official or unofficial update for XP or Vista that will provide TLS 1.2 security, so it needs to be supported at the application level with browsers like Firefox, Pale Moon and Midori, and SeaMonkey, which have libraries to handle cryptographic functions like SSL, TLS, and certificate validation independent of the operating system's cryptographic libraries.

Of course, if someone could hack the Windows 7 version of rsaenh.dll to be used under XP/2003 I would be over the moon.

Posts: 106
Joined: Sun Nov 22, 2015 4:53 pm
Location: London

Re: Upgrading IE8 to TLS 1.2

Post by Zephyr » Tue Feb 06, 2018 4:31 am

Microsoft have released an update to add support for TLS 1.1 and TLS 1.2 in Windows Server 2008 SP2 and Windows Embedded POSReady 2009 on 16/10/2017. The file name of the package for POSREADY 2009 is windowsxp-kb4019276-x86-embedded-enu.exe. Here is the knowledge base article that details how to make the registry changes to enable TLS 1.1 and 1.2:

https://support.microsoft.com/en-us/hel ... in-windows

Of course once you go into IE8 Tools>Internet Options>Advanced you will find that TLS 1.0 is the most advanced security protocol offered, even after enabling TLS1.1 in the registry.

Thomas S.
Posts: 2
Joined: Wed Jun 06, 2018 1:49 am
Location: Germany

Re: Upgrading IE8 to TLS 1.2

Post by Thomas S. » Thu Jun 07, 2018 2:24 am

There is a new common update for IE8 that brings support for TLS 1.1 and 1.2 (kb4316682).
Available at ms update catalog
Knowledge base article:
https://support.microsoft.com/de-lu/hel ... -kb4316682

After installation I have check boxes in IE8 settings for TLS 1.1 and 1.2
I think it is a 'not full working' update, but I now can see pictures in Outlook 2010 messages which are loaded from higher TLS servers (Outlook uses the windows connection to internet).

What not work: can't load https://www.ssllabs.com (any suggestions about?)
I do not have installed the older update for XP to TLS 1.1 / 1.2 for server connections (have tried this again, makes no change to this problem and delete it again).

At this point a usefull hint:
There is a solution for giving full modern TLS 1.2 support in XP (and IE8).
It was first dicussed on MSFN (lost at the moment).
It works with a HTTPS proxy (only local software) that 'translate' TLS 1.0 to 1.1 / 1.2
And it has full support with modern ciphers and cert management.
It is written in Python
I am in contact with the develloper of this proxy, have made little changes at the code and compiled with all actual python packages to an EXE.
And have written a launcher to manage this proxy.
If there is interest about please let me know. :D

Here I have a picture of ssllabs protocol in IE8 running with HTTPS proxy:
HTTPSProxy.JPG (161.13 KiB) Viewed 10720 times

Posts: 1
Joined: Fri Jun 15, 2018 6:52 am

Re: Upgrading IE8 to TLS 1.2

Post by lolly1 » Tue Jun 19, 2018 3:40 pm

This solution was exact the solution for my problem: I use a Windows XP PC for my digital video recording system, based on Autohotkey, Dreambox and a Video-Cut-Software for Authoring to a BluRay Disc. Everything runs automatically, even the printer is turned on with a USB-Power-Socket and prints a cover from the EPG! But unfortunately the Licence-Server for the a Video-Cut-Software was changed from TLS 1.0 to TLS 1.2. But this is native not supported by XP, even the Microsoft-Patch for this didn't work. But this HTTPSProxy enables TLS 1.2 and I can now use this software further on XP. Many thanks for this perfect solution, it works after several clicks and has a good instruction.

Post Reply