Download AES-256 for Windows XP
36 comments
4 690 downloads
Scripts and instructions listed below include AES-256 support for Windows XP, which, among other things, will allow Internet Explorer 8 browser to open sites that use HTTPS protocol with 256-bit encryption…
«More about AES-256 for Windows XP»
«More about AES-256 for Windows XP»
36 comments
+6), #As a side note: I did not have a %windir%\ServicePackFiles\i386\ directory. I think this is because I never installed a service pack -- SP3 was slipstreamed onto my installation disc. This was fine, and did not affect the process.
I should mention that after my second reboot this did in fact work for me, beautifully. I've been looking for a solution to Windows XP HTTPS issues for almost a year now. Skype immediately began showing link previews again, which it had not done in a couple of weeks, and gave me a banner ad (which I don't even remember the last time I saw). I'm looking forward to seeing if all of the HTTPS errors I've been getting in Opera and Chrome will go away now, but unfortunately I cannot remember any of the sites it had been happening on.
Last but not least, I think your spam filter is filtering Opera 12. :'D
+1208), # ↑I myself tested this solution manually and never had problems. Nevertheless, I will update the instruction, as this is indeed a correct remark. And you are right about
The only question: what do you mean by “your spam filter is filtering Opera 12”? Can you explain please?
+6), # ↑By the way, do you know if there is any method that tricks TLS 1.1 and 1.2 into working in IE8 on XP? Even with this change, the checkboxes for them do not appear. (I swear I've seen them in the past, though...)
+1208), # ↑In the meantime, I updated the article, added new scripts, and thanks to kb80 upgraded DLLs to a more secure patch.
+3), # ↑I have tried the suggested POSREADY workaround with some result but no success -see below.
RESULTS & COMMENTS:
Used the check tool run inside IE8
http://www.skaip.org/check-access-to-skype
Before any modification ~75% of the IE8 sites were blocked and cipher was 128
PosReady Install; The manual method to install POSREADY was the only one I could get to succeed. It was easy and instructions clear for my level.
(The POSready Reg workaround method failed
– START/RUN PosReady_Enable.reg system responds like “was no such file/command”)
After copying the fines for the manual install (and restart) IE8 was reporting 256 cipher capability…=OK
Runing the Skype tool showed only 3 sites are now blocked ….almost OK ?
Sites blocked; SKYPE ASSETS, SECURE SKYPE, LOGIN SKYPE
Now try to run Skype 7 36 0 150
Try 1- Crying face again. Unload Skype from system
Try 2- Skype message (after thinking for a long time);
“This version of Skype is no longer supported.Unfortunately, the latest version of Skype is not compatible with your OS version. We recommend you upgrade your OS version to take advantage of all the exciting new features that the latest version of Skype has to offer.”
Much appreciate your work in trying to solve our issues but it looks like XP users are going to be pushed out of Skype, any further suggestion are most welcome.
This Skype problem has perplexed me and wasted so much of my time for nigh on 2 years so I am off to ZOOM.COM they have a goofy interface but it is easy to install, good quality, capable and it works perfect for us XP holdouts. /Antony
+1208), # ↑+4), # ↑today on XP the 1st day i got the Skype can't open because IE is outdated..
we'll see tomorrow..
don
+1208), # ↑+8), #You can download it from http://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3081320
+1208), # ↑+6), # ↑+1208), # ↑+2), #Other than that, thanks for the tip. I have replaced the files in
\Windows\system32and\Windows\system32\dllcachefrom outside Windows XP (in a dual-boot machine), and it solved the problem with Skype. No ill effects so far.[Updated ]
I've submitted a previous comment about a problem with the hack you recommend for installing KB3081320, but apparently it has been removed. I think people should be warned that the change made in their systems by PosReady_Enable.reg is irreversible.
[Updated ]
Now that my first comment is back, my subsequent comment has become superfluous — and so this one...
Thanks.
+1208), # ↑[Updated ]
Tested it! You are absolutely right. I checked, and found that the value is not deleted if you restart the computer. Therefore, it is important to remove it before restarting the computer.
+2), # ↑+1208), # ↑0), #0), #Thanks a lot for your solution it helped me to run our application on XP again.
+13), #@Administrator
@Dave
You can't delete POSReady entry when running Windows - it's a part of registry protected by system. However, you can connect the HDD to another PC and edit inactive registry files from another system, if you really want… but I don't think so.
If your system is fully updated (including MS Installer 4.5, exFAT drivers and possibly some other needful things), you can stay with POSReady 2009 - it works OK with both Home and Pro versions of Windows XP. Now you will get many other security updates with no additional fiddling. Note that there is already available update for TLS 1.1/1.2! It's KB4019276, that supersedes KB3081320 - it's in optional updates now, but in February it should be promoted to important and installed with IE8 cumulative update.
+1208), # ↑+13), # ↑It's really much easier to stay with POSReady and get all security updates installed automatically than to dig in installers, libs, scripts, etc. manually. The updates are really important, some are even so critical, that Microsoft releases them also for Windows XP (see SMB update in May 2017 for example).
And last but not least - installing AES-2 only without TLS 1.1/1.2 and IE8 updates is like changing only one bald tire in your old car.
+1208), # ↑As for Windows XP, I published this solution in order to fix the connection issue on Windows XP. I didn't see anyone who would like to switch to such updates (especially it concerns sysadmins, at least who contacted me and had the only task to restore the functionality of Skype).
0), #+1208), # ↑+3), #btw, this update does not reanimate Skype - all of my contacts are offline for now (February, 10)
+1208), # ↑As for your problem it's something else, and occurs due to this issue.
+7), #I have been looking for this Skype fix for a long time.
One question re. replacing the 3 dlls manually. Will the machine convert to Embedded POS?
Or will it remain just XP-SP3 with updated drivers? Or do I need to follow the remaining directions and convert to Embedded POS? oops 3 questions.
+1208), # ↑1) Replacing DLLs manually or using a BAT/VBS script will not convert your OS to POS. Just note that if you do this manually, OS protection may restore the original files (this is why, at least you should do it very quickly).
2) When you will replace these files, nothing else will be changed (neither other files, nor drivers, nor the registry).
3) I don't recommend to convert OS to POS, because it will be very difficult to return everything back. In addition, perhaps you will get updates for ATM.
+7), # ↑The only issue I ran into was difficulty replacing the files in system32. Two of them reported "in-use" and would not let me overwrite. Even in safe mode. I had to use an external maintenance program to insert the new DLLs. I also needed to sign out of Skype and quit... then restart XP and everything worked.
Thank again
+13), # ↑No. In general Windows XP Embedded/WEPOS/POSReady is Windows XP SP3 OEM repacked with another installer. It's designed to create a minimal OS installation (some kind of Windows Lite), containing only software and drivers selected by developers while standard OEM installation contains full backup of Windows and all windows software and drivers provided by OEM devs. It means that you won't have any additional updates dedicated for POS/ATM if you don't install any such software on your own.
There is NO real system conversion - POSReady in XP is only a single registry entry and a single change in installer scripts (*.inf), other files are unchanged, so you can use POSReady trick for both XP Pro and Home. And it's not so difficult to remove the registry entry - you should just use regedit from command prompt after starting 32-bit Windows Vista/7/8/10 DVD/USB disc installer in repair mode. You can use this installer also to replace files in use by system (don't forget to replace files also in c:\WINDOWS\system32\dllcache if needed) or to run chkdsk /b on old HDD.
The real problem is IE8 update (still with no full TLS 1.x support) - currently it may take a week with 100% single CPU kernel load by wuauclt, so the update should be download manually from Microsoft Update Catalog. There may be similar problems with some MS Office updates, other updates should install much faster.
Note that there is a naming convention mismatch in MS Update Catalog – older files are described mostly as "Windows XP WEPOS/POSReady" updates and newer ones as "Windows XP Embedded" updates.
+27), #Great article. Many thanks! I'm so glad that your neat site is also useful for stuff other than Skype.
My XP SP3 is really old and my Internet Explorer 8 cannot display HTTS (SSL Enabled) many sites due to being old, and due to being incompatible between certificates and encryption handshakes.
My question, even XP doesn't support TLS 1.1 and 1.2, does that tweak enables us to see chipher strength upgraded to 256 bit instead of current 128 bit?
Isn't that tweak for this?
Many thanks,
Onur
0), #I tried to install the 3 files, first the vbs, second the exe, and third the bat. After restarting (I restarted only after the third install, it might be a problem) I got an error "you are having a problem that is preventing windows from accurately
checking the license for this computer." Error #0X80090006" and nothing happens, only safe mode works without network. Do you have any fox for it? Thank you! (Windows xp sp3)
Regards,
Kornel
+1208), # ↑By the way, are you sure that you have Windows XP SP3? What's the language of your OS? Have you tried to revert old files?
0), #So in my case not for skype at all.
Usually settings for MSIE8 is applied just using the wininet library on XP SP3.
I have check boxes for SSL 3.0 and TSL 1.0 checked.
Any idea what is missing?
Same software on windows 7 works.
It would be a lifesaver if it can be solved, since I have to move all development to windows 7 machine.
Thanks either way, I'm sure many places will work now.
0), #Many thanks for the post.
I was about to drop 5 Windows XP Advantech industrial PC's because the APPs were currently unable to communicate with our customer back-end.
I have to confess that I don't use the files you provided but go to the source (Microsoft) and get from the source (sorry for don't trust).
Regards
+1208), # ↑