Why can't Windows XP handle newer versions of SSL certificates?

As I understand it, since support for Windows XP has been officially removed, the latest versions of SSL certificates used on certain sites cannot be accessed by Chrome and IE on WinXP due to incompatibility. However, Firefox seems to still support Windows XP and is free to access these websites.

I don’t quite understand how the compatibility of SSL certificates works. How is it possible that with Chrome and IE you need to completely switch to a new OS, but this is not necessary when you use a different browser? Why can't a simple community developer create a patch for Chrome and IE if Firefox can support them? What is the connection between the browser and the OS? Where do I draw the line?

+8
firefox google-chrome internet-explorer ssl windows-xp
5 answers

OK, so looking at the mpql.net example, we start by analyzing SSL Labs.

The problem is that the server only supports cryptography using an elliptic curve (various TLS_ECDHE_xxx packets) and, according to MSDN articles, the secure socket protocol and TLS Cipher Suites, Windows XP does not include any of the elliptic curve protocols. This does not apply to certificates per se, but to how the web server is configured.

Firefox still works because it uses its own cryptographic library instead of using the SSL support built into Windows. Of course, if you use the version of Firefox as old as Windows XP, it probably won't work either. :-)

+10
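As an added illustration of the answer above (not code from the answer), this Python sketch parses the cipher-suite list out of a ClientHello and applies server-preference selection against an ECDHE-only server. The ClientHello bytes, the two suite lists and all function names are constructed for the example; the suite IDs are the IANA values.

```python
import struct

SUITES = {  # subset of IANA cipher-suite IDs, enough for this example
    0x0005: "TLS_RSA_WITH_RC4_128_SHA",
    0x000A: "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
    0xC013: "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
    0xC02F: "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
}

def build_client_hello(suite_ids, version=0x0301):
    """Constructed sample input: a minimal TLS 1.0 ClientHello record."""
    suites = b"".join(struct.pack("!H", s) for s in suite_ids)
    body = (struct.pack("!H", version) + bytes(32)   # client_version, random
            + b"\x00"                                # empty session_id
            + struct.pack("!H", len(suites)) + suites
            + b"\x01\x00")                           # one compression method: null
    hs = b"\x01" + len(body).to_bytes(3, "big") + body   # type 1 = ClientHello
    return b"\x16" + struct.pack("!HH", version, len(hs)) + hs

def offered_suites(record):
    """Return the cipher-suite IDs a ClientHello record offers."""
    if len(record) < 5 or record[0] != 0x16:
        raise ValueError("not a TLS handshake record")
    rec_len = int.from_bytes(record[3:5], "big")
    hs = record[5:5 + rec_len]
    if len(hs) != rec_len or len(hs) < 39 or hs[0] != 0x01:
        raise ValueError("truncated record or not a ClientHello")
    pos = 4 + 2 + 32                 # skip handshake header, version, random
    pos += 1 + hs[pos]               # skip session_id
    n = int.from_bytes(hs[pos:pos + 2], "big")
    raw = hs[pos + 2:pos + 2 + n]
    if n == 0 or n % 2 or len(raw) != n:
        raise ValueError("malformed cipher_suites list")
    return [int.from_bytes(raw[i:i + 2], "big") for i in range(0, n, 2)]

def negotiate(record, server_ids):
    """Pick by server preference; None means the server sends handshake_failure."""
    offered = set(offered_suites(record))
    for sid in server_ids:
        if sid in offered:
            return SUITES.get(sid, hex(sid))
    return None

ECDHE_ONLY_SERVER = [0xC02F, 0xC013]                          # assumed server config
OS_STACK_HELLO = build_client_hello([0x0005, 0x000A])          # constructed: no ECDHE
OWN_LIB_HELLO = build_client_hello([0xC02F, 0xC013, 0x000A])   # constructed: has ECDHE

if __name__ == "__main__":
    for hello in (OS_STACK_HELLO, OWN_LIB_HELLO):
        print(offered_suites(hello), "->", negotiate(hello, ECDHE_ONLY_SERVER))
```

The first client shares no suite with the server, so no certificate is ever evaluated; the second client negotiates an ECDHE suite on the same OS.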

Some websites may not be accessible by Chrome and IE on WinXP due to incompatibility. However, Firefox seems to still support Windows XP and is free to access these websites.

Chrome and IE use CA storage, while Firefox uses its own independent store.

Why can't a simple community developer create a patch for Chrome and IE if Firefox can support them?

Perhaps some developer can do this, but why would someone invest time in supporting an OS that is dead and insecure only to support browsers that are no longer supported (Chrome will abandon support at the end of 2015)? If you think this is necessary, just do it. Otherwise, uninstall XP, or at least use Firefox with it.

+2

The solution to this problem in XP is to install KB3055973-v3, which adds support for the 128-bit and 256-bit TLS Advanced Encryption Standard (AES) cipher suites. Google for this solution and be careful: it was originally made for the English version of the OS; otherwise you need to change the installation files.

+1

Although I cannot say that it is 100% correct, I believe that SSL has everything to do with the browser and does not have much to do with the actual operating system. I ran into a problem that is the opposite of what you ask. The client was on a Windows 7 machine and needed access to email via email using Chrome, but could not because of an SSL problem. The problem was that Chrome refused to support the older version of SSL, so its options for using IE or Firefox or downgrading and reliable Chrome do not force it to be updated. Microsoft wants users to update, so of course they will not keep IE up to date, and Google will not support an outdated operating system. Firefox is open source, so it makes sense that people will maintain browser compatibility with as many devices as possible. Hope this helps.

0

I also could not access websites such as androidfrog.com, and many common direct links from GitHub, BitChute, and from almost any website in Chrome, IDM and many other programs besides Firefox or IDA. This is why I prefer IDA and Firefox over Chrome and IDM. IDA = Internet Download Accelerator, IDM = Internet Download Manager.

But even Chrome and all applications actually work. They released software on the msfn.org forum on the topic "Problems accessing certain sites (Https aka TLS)." I think one or two guys released the software; the last thing I heard about is HTTPSProxy_Launcher. It works! Released a few weeks ago! And ignore the fact that updates from Microsoft released several weeks or months ago do not work, because it has nothing to do with TLS 1.1 and 1.2 ... not enough. Even Windows POSReady 2009 will not work with all updates. Not enough I say.

0