[Solved]Extend Windows XP with TLS 1.2 - any tech savvies here?
-
- KVRAF
- Topic Starter
- 6426 posts since 22 Jan, 2005 from Sweden
Getting too much of protocol error now on my old xp computer, only one online for me.
And get 12157 secure channel error on a vital server that I do software towards.
So found this interesting article to extend even XP with 256 bit AES encryption to remedy some of that.
http://www.skaip.org/aes-256-for-windows-xp
and works as far as described showing 256-bit in about dialog for IE8.
Settings for Internet in control panel usually work automatically for wininet.dll that I use when doing Internet Settings.
But don't get the check boxes for TLS 1.1 and TLS 1.2 - thought I would add that if possible.
Registry HKLM\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\CRYPTO\TLS1.0
Some part of registry look like this
PlugUIText=@C:\WINDOWS\system32\inetcpl.cpl,-4754
the option in setting above that one get -4753 - so I thought I just add -4755 for TLS1.1 and -4756 for TLS 1.2.
Thought this would make those checkboxes appear, but no.
Seems that checkboxes follow alternative
DefaultValue to follow CheckedValue.
Or UnCheckedValue showing when box is not checked.
So I sat those manually and thought my error would go away, but no.
Like something is still missing to use TLS1.1 or 1.2.
Does anybody know how this works?
The negative parameter to inetcpl.cpl - did not find it explained anywhere.
I saw some parameters that would open a certain tab in Internet Settings dialog.
Thought it would be coordinates where to put checkboxes or something.
Anyway, an attempt to still use perfectly capable machine since 16 years until it dies. All good thing in these days with climate smart and everything. And the only one online all day long.
Thanks for any input.
And get 12157 secure channel error on a vital server that I do software towards.
So found this interesting article to extend even XP with 256 bit AES encryption to remedy some of that.
http://www.skaip.org/aes-256-for-windows-xp
and works as far as described showing 256-bit in about dialog for IE8.
Settings for Internet in control panel usually work automatically for wininet.dll that I use when doing Internet Settings.
But don't get the check boxes for TLS 1.1 and TLS 1.2 - thought I would add that if possible.
Registry HKLM\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\CRYPTO\TLS1.0
Some part of registry look like this
PlugUIText=@C:\WINDOWS\system32\inetcpl.cpl,-4754
the option in setting above that one get -4753 - so I thought I just add -4755 for TLS1.1 and -4756 for TLS 1.2.
Thought this would make those checkboxes appear, but no.
Seems that checkboxes follow alternative
DefaultValue to follow CheckedValue.
Or UnCheckedValue showing when box is not checked.
So I sat those manually and thought my error would go away, but no.
Like something is still missing to use TLS1.1 or 1.2.
Does anybody know how this works?
The negative parameter to inetcpl.cpl - did not find it explained anywhere.
I saw some parameters that would open a certain tab in Internet Settings dialog.
Thought it would be coordinates where to put checkboxes or something.
Anyway, an attempt to still use perfectly capable machine since 16 years until it dies. All good thing in these days with climate smart and everything. And the only one online all day long.
Thanks for any input.
Last edited by lfm on Mon Dec 16, 2019 2:26 pm, edited 1 time in total.
- KVRAF
- 15272 posts since 8 Mar, 2005 from Utrecht, Holland
How it works?? Now you know what the implications are of "no more security patches on OS level".
Not of any help, but me thinks WinXP and modern https just don't go together anymore.
Ok, more constructive:
- why won't this machine run Win7?
- for 24/7 usage, why not use a Raspberry Pi using just 15 watt instead of a decades old machine consuming more likely 350 watt
Not of any help, but me thinks WinXP and modern https just don't go together anymore.
Ok, more constructive:
- why won't this machine run Win7?
- for 24/7 usage, why not use a Raspberry Pi using just 15 watt instead of a decades old machine consuming more likely 350 watt
Last edited by BertKoor on Sun Dec 15, 2019 8:16 am, edited 1 time in total.
We are the KVR collective. Resistance is futile. You will be assimilated.
My MusicCalc is served over https!!
My MusicCalc is served over https!!
- Banned
- 498 posts since 23 Jan, 2008
Use the Mypal browser for the Internet. It still supports many sites.
https://github.com/Feodor2/Mypal/releases
also
https://rtfreesoft.blogspot.com/search/label/browser
https://github.com/Feodor2/Mypal/releases
also
https://rtfreesoft.blogspot.com/search/label/browser
-
- KVRAF
- 4007 posts since 8 Jan, 2005 from Hamilton, New Zealand
Any particular reason not to use say, Xubuntu?lfm wrote: ↑Sun Dec 15, 2019 6:52 am Getting too much of protocol error now on my old xp computer, only one online for me.
Anyway, an attempt to still use perfectly capable machine since 16 years until it dies. All good thing in these days with climate smart and everything. And the only one online all day long.
Thanks for any input.
I make music: progressive-acoustic | electronica/game-soundtrack work | progressive alt-metal
Win 10/11 Simplifier | Also, Specialized C++ containers
Win 10/11 Simplifier | Also, Specialized C++ containers
-
- KVRAF
- Topic Starter
- 6426 posts since 22 Jan, 2005 from Sweden
Thanks guys.
It's not the most part about using a browser - I use an old Visual Studio 2005 for one.
And using wininet.dll for certain https stuff helping maintaining my old software since 30 years, now sold(2007) to a company, but help out still. I'm retired making music full time, really.
There is WinHttp that many browsers use, that allow some stuff that my IE8 does not, it seems. So Opera v36 I use now writing this, work towards urls that is essential.
I'ts like the TLS 1.2 options is not really used somehow dispite above installs made.
Some setting in registry is my assumption.
I see various parts in registry listing all options that I see in Internet Options - but the Security part where protocols are listed.
I found a mask 'a0' which correspond to SSL 3.0 and TLS 1.0 that are checked - looking at the mask CheckedValue I mentioned above.
So extended those places for SecurityProtocol to 'aa0' which would include the two new TLS 1.1 and TLS 1.2.
Still get the 12157 security channel error.
EDIT: managed to get checkboxes to show in settings following registry entries here
https://support.microsoft.com/en-us/hel ... in-windows
and then here
https://msfn.org/board/topic/178092-ena ... correctly/
And final thing was to adjust os version to 3.5.1.0 instead of 3.6.1.0 and restart. So checkboxes in place.
Still get the 12157 security channel error, so will continue looking.,...
EDIT2 - so it is solved with this article now doing TLS 1.2 on XP
https://msfn.org/board/topic/178092-ena ... correctly/
Three suggested updates for windows installer, one for protocols kb4019276 and one for update of ie8.
I couldn't believe it - so life of this machine continues....
It's not the most part about using a browser - I use an old Visual Studio 2005 for one.
And using wininet.dll for certain https stuff helping maintaining my old software since 30 years, now sold(2007) to a company, but help out still. I'm retired making music full time, really.
There is WinHttp that many browsers use, that allow some stuff that my IE8 does not, it seems. So Opera v36 I use now writing this, work towards urls that is essential.
I'ts like the TLS 1.2 options is not really used somehow dispite above installs made.
Some setting in registry is my assumption.
I see various parts in registry listing all options that I see in Internet Options - but the Security part where protocols are listed.
I found a mask 'a0' which correspond to SSL 3.0 and TLS 1.0 that are checked - looking at the mask CheckedValue I mentioned above.
So extended those places for SecurityProtocol to 'aa0' which would include the two new TLS 1.1 and TLS 1.2.
Still get the 12157 security channel error.
EDIT: managed to get checkboxes to show in settings following registry entries here
https://support.microsoft.com/en-us/hel ... in-windows
and then here
https://msfn.org/board/topic/178092-ena ... correctly/
And final thing was to adjust os version to 3.5.1.0 instead of 3.6.1.0 and restart. So checkboxes in place.
Still get the 12157 security channel error, so will continue looking.,...
EDIT2 - so it is solved with this article now doing TLS 1.2 on XP
https://msfn.org/board/topic/178092-ena ... correctly/
Three suggested updates for windows installer, one for protocols kb4019276 and one for update of ie8.
I couldn't believe it - so life of this machine continues....