Thread: Windows XP Update
View Single Post
  #6  
Old January 4th 20, 01:10 PM posted to microsoft.public.windowsxp.general,alt.windows7.general
Lu Wei
external usenet poster
  
Posts: 60
Default Windows XP Update
On 2020-1-4 6:50, Mayayana wrote:
"Bert" wrote
...
To enable WindowsXP TLS 1.1 & 1.2 support, I have edited a reg file,
feel free to use it (prerequisite KBs are in comment):
-----------------------------------------------------------------
Windows Registry Editor Version 5.00
;Enable TLS1.1|1.2 support in WindowsXP. Install KB4019276 (which needs
POSReady registry hack to install) first, then import this reg file.
;Insecure ciphers|hashes|protocols are disabled.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SecurityProviders\SCHANNEL]
"EventLogging"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SecurityProviders\SCHANNEL\Ciphers\DES
56/56]
"Enabled"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SecurityProviders\SCHANNEL\Ciphers\NULL]
"Enabled"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SecurityProviders\SCHANNEL\Ciphers\RC2
128/128]
"Enabled"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SecurityProviders\SCHANNEL\Ciphers\RC2
40/128]
"Enabled"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SecurityProviders\SCHANNEL\Ciphers\RC2
56/128]
"Enabled"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SecurityProviders\SCHANNEL\Ciphers\RC4
128/128]
"Enabled"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SecurityProviders\SCHANNEL\Ciphers\RC4
40/128]
"Enabled"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SecurityProviders\SCHANNEL\Ciphers\RC4
56/128]
"Enabled"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SecurityProviders\SCHANNEL\Ciphers\Triple
DES 168/168]
"Enabled"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SecurityProviders\SCHANNEL\Hashes\MD5]
"Enabled"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SecurityProviders\SCHANNEL\Protocols\Multi-Protocol
Unified Hello\Client]
"Enabled"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SecurityProviders\SCHANNEL\Protocols\Multi-Protocol
Unified Hello\Server]
"Enabled"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SecurityProviders\SCHANNEL\Protocols\PCT
1.0\Client]
"Enabled"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SecurityProviders\SCHANNEL\Protocols\PCT
1.0\Server]
"Enabled"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SecurityProviders\SCHANNEL\Protocols\SSL
2.0\Client]
"Enabled"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SecurityProviders\SCHANNEL\Protocols\SSL
2.0\Server]
"Enabled"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SecurityProviders\SCHANNEL\Protocols\SSL
3.0\Client]
"Enabled"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SecurityProviders\SCHANNEL\Protocols\SSL
3.0\Server]
"Enabled"=dword:00000000

;Enabled TLS1.0 for better windows update compatibility and connecting
to remote desktop of a Win7 host
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SecurityProviders\SCHANNEL\Protocols\TLS
1.0\Client]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SecurityProviders\SCHANNEL\Protocols\TLS
1.0\Server]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SecurityProviders\SCHANNEL\Protocols\TLS
1.1\Client]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SecurityProviders\SCHANNEL\Protocols\TLS
1.1\Server]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SecurityProviders\SCHANNEL\Protocols\TLS
1.2\Client]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SecurityProviders\SCHANNEL\Protocols\TLS
1.2\Server]
"Enabled"=dword:00000001

;Enable TLS1.1|1.2 options of IE8 in WindowsXP. Need to install
KB4019276 and the latest IE8 cumulative patch to function.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet
Explorer\AdvancedOptions\CRYPTO\TLS1.2]
"OSVersion"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet
Explorer\AdvancedOptions\CRYPTO\TLS1.1]
"OSVersion"=-

[HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\Internet
Settings]
"SecureProtocols"=dword:00000a80

;Enable TLS 1.1 and TLS 1.2 as secure protocols in WinHTTP, need KB4467770
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Internet
Settings\WinHttp]
"DefaultSecureProtocols"=dword:00000a80
-------------------------------------------------------------------------------------------

But some TLS 1.1|1.2 sites will still not function in IE8, because the
ciphers they use is still not supported by it, and never will. So
regard KB4019276 and this only as a system patch, use other browsers
instead.

--
Regards,
Lu Wei
IM:
PGP: 0xA12FEF7592CCE1EA
Ads