The_Expert_Team_logo

"Sometimes when you fill a vacuum, it still sucks."


Home|About|Contact|Blog|Board|Pages|Projects|Donate


 Getting AES 256-Bit, TLS 1.2 support and disabling insecure ciphers under Windows XP
Published on 2019/06/07, by NojusK.

WindowsXP_TLS_logo

Windows XP lacked any modern cipher support in his heyday, but with the POSReady 2009 trick you can get AES 256-Bit, TLS 1.2 support. I will show how to get them. First make sure you have the POSReady trick so you would be able to install them, next download the following updates in order:

AES 256-Bit support(KB3081320)

Update for WES09 and POSReady 2009(KB4019276)

Cumulative Update for Internet Explorer 8(KB4316682)

Update for WinHTTP to add TLS 1.2 support(KB4467770)

Install them all in order, then apply the registry file [LINK] to enable TLS 1.2 and reboot. Now you can check at the Internet Options and you will see TLS 1.2 and TLS 1.1 in the list.

Internet_OptionsXP

And Internet Explorer 8 will show that the cipher strength is now 256-Bit.

IEaboutScreen

And HowMySSL reports that we do indeed have TLS 1.2 support and no insecure ciphers and we’re no longer vulnerable to the BEAST Vulnerability that affected TLS 1.0.

HowsMySSLresults
HowsMySSLresults1

This doesn’t fully fix the issue with Chromium browsers that use XP’s schannel.dll because SNI or ECC support is not available on XP and you can get ERR_SSL_VERSION_OR_CIPHER_MISMATCH sometimes.

Back button Back to the Previous Page

Powered by Debian Powered by Apache HTTPD Server

Copyright © 2018- The Expert Team, all rights reserved.