Beyond TLS 1.0: what could be done?

Windows XP Professional Update Pack discussion.
Post Reply
User avatar
david.lynch
Posts: 12
Joined: Mon Dec 26, 2011 7:27 pm

Beyond TLS 1.0: what could be done?

Post by david.lynch » Sun Jul 31, 2016 6:20 pm

As a lot of websites are moving to TLS 1.2 as cryptographic protocol, I'm looking for a patch or any method for Windows XP to support TLS 1.1 and 1.2.

An example: https://cointelegraph.com/

I've even tried to replace XP's schannel.dll with the most updated one from Server 2008 x86 version, which doesn't work.

Any help would be greatly apreaciated!

Image

User avatar
5eraph
Site Admin
Posts: 4621
Joined: Tue Jul 05, 2005 9:38 pm
Location: Riverview, MI USA

Post by 5eraph » Sun Jul 31, 2016 7:27 pm

All I can suggest at the moment is to try Firefox. Still works under XP, and displays that website without incident.

User avatar
david.lynch
Posts: 12
Joined: Mon Dec 26, 2011 7:27 pm

Post by david.lynch » Sun Jul 31, 2016 7:44 pm

5eraph wrote:All I can suggest at the moment is to try Firefox. Still works under XP, and displays that website without incident.
Thank you, 5eraph. We all owe you a lot here.

...unfortunately many other online resources are stopping to work, as they rely on functionality provided by Windows and not by an alternative web browser...

User avatar
vioplujjnsjzfg
Posts: 131
Joined: Mon Jul 07, 2008 12:07 pm

Post by vioplujjnsjzfg » Wed Sep 21, 2016 4:55 am

SRWare Iron version 39 (specifically 39, higher versions include proprietary codecs and further ways google tracks you)

+

Disconnect.ME

+

Chameleon from Gh0stwords

+

AdBlockPlus

+

The following shortcut switch

--allow-outdated-plugins --ppapi-flash-path=X:\PepperFlashDirectory\pepflashplayer.dll --user-agent="Insert latest Windows chrome generic user agent here"


X= whatever drive letter you use

+

Turn on the "click to play" option in irons settings for plugins.


Finally, always keep a blank " " (space) copied to your clipboard when surfing that is copied from the run box and not the browser.


The above combo i've found is the best way to go and still has good compatibility with most sites and is very fast.
Last edited by vioplujjnsjzfg on Wed Sep 21, 2016 12:37 pm, edited 1 time in total.

User avatar
vioplujjnsjzfg
Posts: 131
Joined: Mon Jul 07, 2008 12:07 pm

Post by vioplujjnsjzfg » Wed Sep 21, 2016 12:23 pm

Updated my above comment with a little bit more info.

Also, one final suggestion is to have generic user account names in XP and don't upload from any specific named folder names.

For instance when checking files using virustotal.com

Use it in good health and don't visit sites you know little about.

Zephyr
Posts: 49
Joined: Sun Nov 22, 2015 4:53 pm
Location: London

Re:

Post by Zephyr » Sat Dec 10, 2016 6:58 am

david.lynch wrote: ...unfortunately many other online resources are stopping to work, as they rely on functionality provided by Windows and not by an alternative web browser...
In my experience the only problem of this nature occurs when using the last version of Chromium that supported XP which is 49.0.2623.23. Apparently Chromium depends on libraries supplied by the OS for elliptical curve cryptography which means in practice that certain https sites are not available under XP.

Incidentally, the portable Chromium available at Sourceforge does not have the white screen problem with version 49.0.2623.23.
XP FOREVER!

Zephyr
Posts: 49
Joined: Sun Nov 22, 2015 4:53 pm
Location: London

Re: Beyond TLS 1.0: what could be done?

Post by Zephyr » Sat Dec 10, 2016 7:11 am

Here are lists of the cipher suites supported by various XP compatible browsers. From these lists it should be obvious that lack of native TLS 1.2 support in XP is not a problem if you do not intend to use Internet Explorer.

SEAMONKEY
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 (0xc02b)   Forward Secrecy 128
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f)   Forward Secrecy 128
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA (0xc00a)   Forward Secrecy 256
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA (0xc009)   Forward Secrecy 128
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013)   Forward Secrecy 128
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014)   Forward Secrecy 256
TLS_DHE_RSA_WITH_AES_128_CBC_SHA (0x33)   Forward Secrecy 128
TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x39)   Forward Secrecy 256
TLS_RSA_WITH_AES_128_CBC_SHA (0x2f) 128
TLS_RSA_WITH_AES_256_CBC_SHA (0x35) 256
TLS_RSA_WITH_3DES_EDE_CBC_SHA (0xa) 112

CHROMIUM
OLD_TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 (0xcc13)   Forward Secrecy
256OLD_TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 (0xcc15)   Forward Secrecy
256TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f)   Forward Secrecy
128TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 (0x9e)   Forward Secrecy
128TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014)   Forward Secrecy
256TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x39)   Forward Secrecy
256TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013)   Forward Secrecy
128TLS_DHE_RSA_WITH_AES_128_CBC_SHA (0x33)   Forward Secrecy
128TLS_RSA_WITH_AES_128_GCM_SHA256 (0x9c)128TLS_RSA_WITH_AES_256_CBC_SHA (0x35)256TLS_RSA_WITH_AES_128_CBC_SHA (0x2f)128TLS_RSA_WITH_3DES_EDE_CBC_SHA (0xa)112TLS_EMPTY_RENEGOTIATION_INFO_SCSV (0xff)-(1)

MIDORI
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 (0xc02b) Forward Secrecy 128
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 (0xc02c) Forward Secrecy 256
TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 (0xc086) Forward Secrecy 128
TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384 (0xc087) Forward Secrecy 256
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA (0xc009) Forward Secrecy 128
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 (0xc023) Forward Secrecy 128
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA (0xc00a) Forward Secrecy 256
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 (0xc024) Forward Secrecy 256
TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 (0xc072) Forward Secrecy 128
TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 (0xc073) Forward Secrecy 256
TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA (0xc008) Forward Secrecy 112
TLS_ECDHE_ECDSA_WITH_RC4_128_SHA (0xc007) INSECURE 128
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f) Forward Secrecy 128
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xc030) Forward Secrecy 256
TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256 (0xc08a) Forward Secrecy 128
TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384 (0xc08b) Forward Secrecy 256
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013) Forward Secrecy 128
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (0xc027) Forward Secrecy 128
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014) Forward Secrecy 256
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (0xc028) Forward Secrecy 256
TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 (0xc076) Forward Secrecy 128
TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384 (0xc077) Forward Secrecy 256
TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA (0xc012) Forward Secrecy 112
TLS_ECDHE_RSA_WITH_RC4_128_SHA (0xc011) INSECURE 128
TLS_RSA_WITH_AES_128_GCM_SHA256 (0x9c) 128
TLS_RSA_WITH_AES_256_GCM_SHA384 (0x9d) 256
TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256 (0xc07a) 128
TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384 (0xc07b) 256
TLS_RSA_WITH_AES_128_CBC_SHA (0x2f) 128
TLS_RSA_WITH_AES_128_CBC_SHA256 (0x3c) 128
TLS_RSA_WITH_AES_256_CBC_SHA (0x35) 256
TLS_RSA_WITH_AES_256_CBC_SHA256 (0x3d) 256
TLS_RSA_WITH_CAMELLIA_128_CBC_SHA (0x41) 128
TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 (0xba) 128
TLS_RSA_WITH_CAMELLIA_256_CBC_SHA (0x84) 256
TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 (0xc0) 256
TLS_RSA_WITH_3DES_EDE_CBC_SHA (0xa) 112
TLS_RSA_WITH_RC4_128_SHA (0x5) INSECURE 128
TLS_RSA_WITH_RC4_128_MD5 (0x4) INSECURE 128
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 (0x9e) Forward Secrecy 128
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 (0x9f) Forward Secrecy 256
TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256 (0xc07c) Forward Secrecy 128
TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384 (0xc07d) Forward Secrecy 256
TLS_DHE_RSA_WITH_AES_128_CBC_SHA (0x33) Forward Secrecy 128
TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 (0x67) Forward Secrecy 128
TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x39) Forward Secrecy 256
TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 (0x6b) Forward Secrecy 256
TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA (0x45) Forward Secrecy 128
TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 (0xbe) Forward Secrecy 128
TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA (0x88) Forward Secrecy 256
TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 (0xc4) Forward Secrecy 256
TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA (0x16) Forward Secrecy 112
TLS_DHE_DSS_WITH_AES_128_GCM_SHA256 (0xa2) Forward Secrecy2 128
TLS_DHE_DSS_WITH_AES_256_GCM_SHA384 (0xa3) Forward Secrecy2 256
TLS_DHE_DSS_WITH_CAMELLIA_128_GCM_SHA256 (0xc080) Forward Secrecy2 128
TLS_DHE_DSS_WITH_CAMELLIA_256_GCM_SHA384 (0xc081) Forward Secrecy2 256
TLS_DHE_DSS_WITH_AES_128_CBC_SHA (0x32) Forward Secrecy2 128
TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 (0x40) Forward Secrecy2 128
TLS_DHE_DSS_WITH_AES_256_CBC_SHA (0x38) Forward Secrecy2 256
TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 (0x6a) Forward Secrecy2 256
TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA (0x44) Forward Secrecy2 128
TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256 (0xbd) Forward Secrecy2 128
TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA (0x87) Forward Secrecy2 256
TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256 (0xc3) Forward Secrecy2 256
TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA (0x13) Forward Secrecy2 112
TLS_DHE_DSS_WITH_RC4_128_SHA (0x66) INSECURE 128

LIGHT (FIREFOX)
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 (0xc02b)   Forward Secrecy 128
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f)   Forward Secrecy 128
TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 (0xcca9)   Forward Secrecy 256
TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 (0xcca8)   Forward Secrecy 256
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 (0xc02c)   Forward Secrecy 256
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xc030)   Forward Secrecy 256
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA (0xc00a)   Forward Secrecy 256
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA (0xc009)   Forward Secrecy 128
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013)   Forward Secrecy 128
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014)   Forward Secrecy 256
TLS_RSA_WITH_AES_128_CBC_SHA (0x2f) 128
TLS_RSA_WITH_AES_256_CBC_SHA (0x35) 256
TLS_RSA_WITH_3DES_EDE_CBC_SHA (0xa) 112

PALE MOON
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 (0xc02b) Forward Secrecy 128
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f) Forward Secrecy 128
TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 (0xc086) Forward Secrecy 128
TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256 (0xc08a) Forward Secrecy 128
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA (0xc00a) Forward Secrecy 256
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA (0xc009) Forward Secrecy 128
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013) Forward Secrecy 128
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014) Forward Secrecy 256
TLS_DHE_RSA_WITH_AES_128_CBC_SHA (0x33) Forward Secrecy 128
TLS_DHE_DSS_WITH_AES_128_CBC_SHA (0x32) Forward Secrecy2 128
TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA (0x45) Forward Secrecy 128
TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x39) Forward Secrecy 256
TLS_DHE_DSS_WITH_AES_256_CBC_SHA (0x38) Forward Secrecy2 256
TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA (0x88) Forward Secrecy 256
TLS_RSA_WITH_AES_128_CBC_SHA (0x2f) 128
TLS_RSA_WITH_CAMELLIA_128_CBC_SHA (0x41) 128
TLS_RSA_WITH_AES_256_CBC_SHA (0x35) 256
TLS_RSA_WITH_CAMELLIA_256_CBC_SHA (0x84) 256
TLS_RSA_WITH_RC4_128_SHA (0x5) INSECURE 128

You can test your own browser for TLS/SSL capabilities by going to https://www.ssllabs.com
XP FOREVER!

Zephyr
Posts: 49
Joined: Sun Nov 22, 2015 4:53 pm
Location: London

Re: Beyond TLS 1.0: what could be done?

Post by Zephyr » Sat Dec 10, 2016 7:17 am

david.lynch wrote:I've even tried to replace XP's schannel.dll with the most updated one from Server 2008 x86 version, which doesn't work.
I tried replacing XP's schannel.dll with the one available for Reactos which does support TLS 1.2, but I only managed to screw up my system. It ought to be possible to use the source code for the Reactos schannel.dll and perhaps Wine libraries to make a replacement for the XP schannel.dll, but not being a programmer I do not know how realistic this would be.
XP FOREVER!

Dibya
Posts: 470
Joined: Sat Sep 12, 2015 9:34 am
Location: India

Re: Beyond TLS 1.0: what could be done?

Post by Dibya » Sat Dec 24, 2016 10:08 am

any one can provide me schannel.dll of srv2k8?

Zephyr
Posts: 49
Joined: Sun Nov 22, 2015 4:53 pm
Location: London

Re: Beyond TLS 1.0: what could be done?

Post by Zephyr » Tue Feb 06, 2018 4:27 am

Microsoft have released an update to add support for TLS 1.1 and TLS 1.2 in Windows Server 2008 SP2 and Windows Embedded POSReady 2009 on 16/10/2017. The file name of the package for POSREADY 2009 is windowsxp-kb4019276-x86-embedded-enu.exe. Here is the knowledge base article that details how to make the registry changes to enable TLS 1.1 and 1.2:

https://support.microsoft.com/en-us/hel ... in-windows

I am not sure how this patch could be useful considering that only Microsoft applications use the OS cryptographic libraries, while all the third party browsers and email clients have built-in support for TLS 1.1 and TLS 1.2. I would love to have these more advanced protocols enabled in Outlook Express because it was the greatest email client ever produced, but unless someone can find a way of hacking the msimn.exe this will be an impossible dream. There is, of course. OE Classic which copies much of the GUI and functionality of OE, but it still does not support IMAP accounts.
XP FOREVER!

User avatar
mockingbird
Posts: 102
Joined: Wed Oct 17, 2012 4:28 pm

Re: Beyond TLS 1.0: what could be done?

Post by mockingbird » Tue Feb 06, 2018 1:54 pm

Zephyr wrote:
Tue Feb 06, 2018 4:27 am
I am not sure how this patch could be useful considering that only Microsoft applications use the OS cryptographic libraries, while all the third party browsers and email clients have built-in support for TLS 1.1 and TLS 1.2. I would love to have these more advanced protocols enabled in Outlook Express because it was the greatest email client ever produced, but unless someone can find a way of hacking the msimn.exe this will be an impossible dream. There is, of course. OE Classic which copies much of the GUI and functionality of OE, but it still does not support IMAP accounts.
Some apps force an IE browser window for logging on, so it could be very useful for that scenario.

Personally, I leave IE at 6.x on my XP x64 machine since I have no use for it. Some old apps break if anything higher than 6.x is installed.

User avatar
bphlpt
Posts: 1374
Joined: Sat Apr 19, 2008 1:11 am

Re: Beyond TLS 1.0: what could be done?

Post by bphlpt » Tue Feb 06, 2018 3:37 pm

mockingbird wrote:
Tue Feb 06, 2018 1:54 pm
Personally, I leave IE at 6.x on my XP x64 machine since I have no use for it. Some old apps break if anything higher than 6.x is installed.
If possible, it might be useful to some if you could post a list of apps that work correctly if IE6.x is installed and break if IE8.x+ is installed. Or, someone might be able to figure out how to make them work with IE8.x. Just a thought.

Cheers and Regards

Zephyr
Posts: 49
Joined: Sun Nov 22, 2015 4:53 pm
Location: London

Re: Beyond TLS 1.0: what could be done?

Post by Zephyr » Sat Sep 15, 2018 7:05 am

There has been an update for POSREADY 2009 that enables TLS 1.1 and TLS 1.2 support in XP, but first you need the the POSREADY 2009 registry hack to install:

Code: Select all

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\WindowsEmbedded\ProductVersion]
"FeaturePackVersion"="SP3"

[HKEY_LOCAL_MACHINE\SYSTEM\WPA\WEPOS]
"Installed"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\WPA\WES]
"Installed"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\WPA\PosReady]
"Installed"=dword:00000001
Copy and paste into a text editor and save with .reg file ending. Execute to add new values to registry.

To add TLS 1.1 and TLS 1.2 support to XP obtain kb4019276 from the Microsoft Update Catalogue and install and reboot. To activate make the following modifications to the registry:

Code: Select all

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Client]
"DisabledByDefault"=dword:00000000
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Server]
"DisabledByDefault"=dword:00000000
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client]
"DisabledByDefault"=dword:00000000
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server]
"DisabledByDefault"=dword:00000000
"Enabled"=dword:00000001
TLS 1.1 and TLS 1.2 support to Internet Explorer 8 was introduced with the Cumulative Security Update for Internet Explorer 8 for WES09 and POSReady 2009 (KB4316682) and all subsequent cumulative security updates including KB4230450, KB4339093, KB4343205, and KB4457426. To display tick boxes for TLS 1.1 and TLS 1.2 in advanced options in IE8 make the following registry modifications:

Code: Select all

Windows Registry Editor Version 5.00
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\CRYPTO\TLS1.1]
"OSVersion"="3.5.1.0.0"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\CRYPTO\TLS1.2]
"OSVersion"="3.5.1.0.0" 
It may be necessary to uncheck uncheck both "Check for publisher's certificate revocation", and "Check for server certificate revocation" in Tools>Options>Advanced. In the unlikely event that you intend to use IE8 for browsing remember to restore these settings to their default.
XP FOREVER!

User avatar
dencorso
Posts: 69
Joined: Sat Mar 02, 2013 4:06 pm
Location: Brazil

Re: Beyond TLS 1.0: what could be done?

Post by dencorso » Sun Sep 16, 2018 12:28 am

Warning! For the POSReady2009 hack, delete from that .reg file the following lines:

Code: Select all

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\WindowsEmbedded\ProductVersion]
"FeaturePackVersion"="SP3"
They don't work anymore, and actually nowadays prevent MU/WU from working. Except for that, I second the suggestions in the post above this.

User avatar
5eraph
Site Admin
Posts: 4621
Joined: Tue Jul 05, 2005 9:38 pm
Location: Riverview, MI USA

Re: Beyond TLS 1.0: what could be done?

Post by 5eraph » Mon Sep 17, 2018 8:35 pm

Thank you, Zephyr. I have verified that the "OSVersion" registry entries work in IE8 when added at T-13 in an unattended XP install.

dencorso is correct. In fact, the only necessary entry for the POSReady2009 hack to work with MU and update package installers is the last one.

spawn
Posts: 105
Joined: Sat May 23, 2009 3:31 am

Re: Beyond TLS 1.0: what could be done?

Post by spawn » Sun Nov 24, 2019 6:47 am

but does that mean tls1.2 from pos ready can be put into a non pos ready xp so the hack isn't needed?

User avatar
=[FEAR]=JIGSAW
Posts: 394
Joined: Mon Feb 18, 2008 11:54 am
Location: Cape Town, South Africa

Re: Beyond TLS 1.0: what could be done?

Post by =[FEAR]=JIGSAW » Mon Nov 25, 2019 3:08 am

:shifty: did you suddenly awake from hibernation?

spawn
Posts: 105
Joined: Sat May 23, 2009 3:31 am

Re: Beyond TLS 1.0: what could be done?

Post by spawn » Wed Nov 27, 2019 10:20 am

don't suppose someone could make a patch for TLS i mean for machines that can't run POS updates (I have a pentium III PC it doesn't have MMX2) I would be delighted to test the POS version in my pentium 3 xp installation..... to see if its mmx compatable (then maybe it could be ported to windows 2000)
yes i did come out of hibernation i just built a refurbished dual cpu pentium 3 machine it rocks on xp i even added HDMI video, 7.1 dolby surround sound, USB2 on it, gigabit LAN, and SATA SSD. Prefer xp than vista or seven (older ones don't do dolby much). Why did I build a machine at least half my age? because it can run windows 3.1 3.11 95 98 98se me 2000 xp vista seven and a plethora of linux with all the archive.org nostalgia with them .......... and usb joypads that look like nintendo and playstation to think i ran playstation and sega mega drive on it AND marginally faster than the first pentium 4 running MMX code it is the machine i wanted in 2002 i gots 2 x 1ghz cpu's for $50 a bargain and when i finally done it i wanna spam hardware pr0n of it and make a vlog sharing the nostalgia and teaching kiddies how to get the real old school stuff.

spawn
Posts: 105
Joined: Sat May 23, 2009 3:31 am

Re: Beyond TLS 1.0: what could be done?

Post by spawn » Thu Nov 28, 2019 5:33 am

i came up with this link it shows how to enable tls 1.2 in windows xp i'll comment if it works and on pentium III's (MMX)
https://www.smartftp.com/en-us/support/kb/2754

Universalsoul
Posts: 3
Joined: Mon Jul 29, 2019 10:58 am

Re: Beyond TLS 1.0: what could be done?

Post by Universalsoul » Thu Nov 28, 2019 10:09 am

@spawn Here KB4019276 cant be installed running the exe directly with double click. The installer detect the OS is not Embeddd Posready. but you can workaround this with WUMT wich use windows update not update.exe included in the hotfix.
http://m.majorgeeks.com/files/details/w ... itool.html

spawn
Posts: 105
Joined: Sat May 23, 2009 3:31 am

Re: Beyond TLS 1.0: what could be done?

Post by spawn » Sun Dec 01, 2019 9:59 am

@Universalsoul much appreciated I am firing up my pc today to see if i can surf again :D

Post Reply