Windows XP and TLS 1.2


Sfor

More and more web sites are turning TLS 1.0 off. This is no big deal for web browsing, because Firefox handles TLS 1.2 just fine. But some other applications will be affected.

A nice example is the utilities made to send XML-based electronic government declarations. The Polish government servers will turn off TLS 1.0 in the middle of 2017. I strongly doubt the utilities used to send the declarations have their own TLS 1.2 support as Firefox does. The declarations cannot be sent through the browser, so Firefox will not do.

Is there a way to check if an application has its own TLS support?

Is there a way to add TLS 1.2 support to Windows XP?

Link to comment
Share on other sites


On Sunday, December 11, 2016 at 7:05 AM, Sfor said:

Is there a way to check if an application has its own TLS support?

Well, if the application is a browser, you can just browse to https://www.ssllabs.com/ssltest/viewMyClient.html and it will tell you, right at the top of the page, whether it supports TLS 1.2. I don't know of an easy way to check non-browser clients (secure email, etc.) though.
 

Link to comment
Share on other sites

Unfortunately, the applications I wish to test against TLS 1.2 support are not browsers. They are mostly government tax declaration form senders and managers. The government tax service will not work with just a browser, as the protocol is not user friendly.

I did play a bit with schannel.dll. After replacing it with a file taken from Windows 7, the IE 8 stopped working with https, completely. There were no visible error messages, the IE just did not make any connection.

-------------------------------------------------------

I did the same experiment with schannel.dll and mbedtls.dll from ReactOS. The result was almost the same as with the Windows 7 schannel.dll file. The difference is that with some sites IE 8 crashes, and with most of them it does not connect.

It seems the ReactOS is using mbed TLS 2.3.0 and schannel.dll is just a wrapper for mbedtls.dll. mbed TLS 2.3.0 should support the TLS 1.2.

Another question is whether Microsoft added TLS 1.2 support with updates for Windows XP Embedded. If so, it would be logical to use them instead.

Another task is testing if a particular application is gaining TLS 1.2 support. To do so it would be necessary to redirect connections to some other server. Well, redirecting to a different IP through DNS is a simple task, but I have no experience with HTTPS servers. It would be good to have a server with an ability to switch between TLS 1.0 and 1.2.

On the other hand, perhaps it would be a better choice to use a proxy instead: keep using the original server, and switch TLS 1.0 on and off with the proxy.

Yet another idea is to leave Windows TLS support as is, and to use a TLS 1.2 capable proxy to make the connection, instead.

Edited by Sfor
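For the question of checking a non-browser client, a full HTTPS server is not needed: the first TLS record the client sends (the ClientHello) already states the highest version it offers. The following is an added example, not part of the original posts; the function names and the test port 8443 are assumptions, and it assumes the ClientHello fits in a single TLS record.

```python
import socket
import struct

NAMES = {0x0300: "SSL 3.0", 0x0301: "TLS 1.0", 0x0302: "TLS 1.1",
         0x0303: "TLS 1.2", 0x0304: "TLS 1.3"}

def highest_offered(record: bytes) -> str:
    """Return the highest protocol version offered in a ClientHello record."""
    if len(record) < 44 or record[0] != 0x16 or record[5] != 0x01:
        raise ValueError("not a TLS handshake record carrying a ClientHello")
    pos = 9                                   # record header (5) + handshake header (4)
    versions = [struct.unpack_from("!H", record, pos)[0]]   # client_version
    pos += 2 + 32                             # skip version and random
    pos += 1 + record[pos]                    # skip session_id
    pos += 2 + struct.unpack_from("!H", record, pos)[0]     # skip cipher_suites
    pos += 1 + record[pos]                    # skip compression_methods
    pos += 2                                  # extensions length (absent in old clients)
    while pos + 4 <= len(record):
        ext_type, ext_len = struct.unpack_from("!HH", record, pos)
        body = record[pos + 4:pos + 4 + ext_len]
        if ext_type == 0x002B:                # supported_versions, used by TLS 1.3 clients
            versions += [struct.unpack_from("!H", body, i)[0]
                         for i in range(1, len(body) - 1, 2)]
        pos += 4 + ext_len
    known = [v for v in versions if v in NAMES]   # drops GREASE and unknown values
    return NAMES[max(known)] if known else hex(versions[0])

def capture_client_hello(host="127.0.0.1", port=8443) -> bytes:
    """Accept one TCP connection (8443 is an assumed test port); return the first record."""
    with socket.create_server((host, port)) as srv:
        conn, _ = srv.accept()
        with conn:
            conn.settimeout(5)
            buf = b""
            while len(buf) < 5 or len(buf) < 5 + struct.unpack_from("!H", buf, 3)[0]:
                chunk = conn.recv(4096)
                if not chunk:
                    break
                buf += chunk
            return buf

def sample_hello(version: int, ext: bytes = b"") -> bytes:
    """Constructed minimal ClientHello (one cipher suite) for offline testing."""
    body = struct.pack("!H", version) + bytes(32) + b"\x00\x00\x02\x00\x2f\x01\x00" + ext
    hs = b"\x01" + struct.pack("!I", len(body))[1:] + body
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs

if __name__ == "__main__":
    print("client offers up to", highest_offered(capture_client_hello()))
```

Run it, redirect the application's server name to the listening address, and start a submission; the connection will fail after the ClientHello, but the printed version shows whether the application would still connect once TLS 1.0 is switched off.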
Link to comment
Share on other sites

  • 3 months later...
3 minutes ago, ekeda said:

Proxy is not an option since I need it for online play and proxy will create lag.

*Need* for play? :unsure:

I mean, usually gamers have the latest, newest of everything including both hardware and software (and OS), whilst to play (say) Hearts, a small lag is not that much relevant.

jaclaz
 

Link to comment
Share on other sites

I have no idea if this local proxy will cause lag. I need TLS 1.2 on XP for Starcraft HD, which will be released this summer. If you want, upload the program somewhere, but I won't be able to test it until the game releases.
