Jump to content

Enable TLS 1.2 on Windows XP


Recommended Posts

  • Root Admin

I was playing around with my Windows XP setup on VMware and was unable to visit the Google site using IE8

It is unlikely without a lot of work that you'd be able to fully get TLS 1.2 and the appropriate signed certificates to work on XP but I was able to at least partially get it working well enough to now visit the Google site 🙂

 

image.png

 

As there is not really enough value to tweak/hack it further I doubt I'll dig in any further but here are some links and articles I used to to get it updated. Windows Update and other sites still don't fully work without the signed certs

 

Windows Update SHA-1 based endpoints discontinued for older Windows devices
https://support.microsoft.com/en-us/help/4569557/windows-update-sha-1-based-endpoints-discontinued

Common Questions about SHA2 and Windows
https://docs.microsoft.com/en-us/archive/blogs/pki/common-questions-about-sha2-and-windows

Certificate Path Validation in Bridge CA and Cross-Certification Environments
https://docs.microsoft.com/en-us/archive/blogs/pki/certificate-path-validation-in-bridge-ca-and-cross-certification-environments

Add Published Certificates to Active Directory Containers
https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc731612(v=ws.11)

How to import third-party certification authority (CA) certificates into the Enterprise NTAuth store
https://support.microsoft.com/en-us/help/295663/how-to-import-third-party-certification-authority-ca-certificates-into

Crypt32.dll Versions
https://docs.microsoft.com/en-us/windows/win32/seccrypto/crypt32-dll-versions

2019 SHA-2 Code Signing Support requirement for Windows and WSUS
https://support.microsoft.com/en-us/help/4472027/2019-sha-2-code-signing-support-requirement-for-windows-and-wsus

Cryptography API: Next Generation
https://docs.microsoft.com/en-us/windows/win32/seccng/cng-portal

Transport Layer Security (TLS) best practices with the .NET Framework
https://docs.microsoft.com/en-us/dotnet/framework/network-programming/tls#configuring-security-via-the-windows-registry

Common issues when enabling TLS 1.2
https://docs.microsoft.com/en-us/mem/configmgr/core/plan-design/security/enable-tls-1-2-troubleshoot

Update to enable TLS 1.1 and TLS 1.2 as default secure protocols in WinHTTP in Windows
https://support.microsoft.com/en-us/help/3140245/update-to-enable-tls-1-1-and-tls-1-2-as-default-secure-protocols-in-wi

Update to enable TLS 1.1 and TLS 1.2 as secure protocols in WinHTTP on Windows Embedded POSReady 2009 and Windows Embedded Standard 2009
https://support.microsoft.com/en-us/help/4467770/update-to-enable-tls-1-1-and-tls-1-2-as-secure-protocols-on-winhttp

TLS/SSL Settings
https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/dn786418(v=ws.11)?redirectedfrom=MSDN

How to enable TLS 1.2 on clients
https://docs.microsoft.com/en-us/mem/configmgr/core/plan-design/security/enable-tls-1-2-client

Enable TLS 1.2 on Windows XP
https://www.smartftp.com/en-us/support/kb/2754

Enable TLS 1.2 on Windows 7
https://www.smartftp.com/en-us/support/kb/2679

https://www.catalog.update.microsoft.com/Search.aspx?q=KB2868626
https://www.catalog.update.microsoft.com/Search.aspx?q=KB968389
https://www.catalog.update.microsoft.com/Search.aspx?q=KB4467770


Crypt32.dll    5.131.2600.6459    603,136    07-Oct-2013    10:59    x86    SP3    SP3QFE
Xpsp4res.dll    5.1.2600.6459    7,168    05-Oct-2013    01:14    x86    SP3    SP3QFE

 

 

  • Like 1
Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.