General :  K-Meleon Forum
General discussion about K-Meleon. 
"No Cypher Overlap"-Apocalypse sad smiley Github all dead, SF mostly etc
Posted by: siria
Date: February 24, 2018 09:42PM

For 1-2 years now I have noticed that more and more major sites are broken for older browsers/systems.
Typical message:
Quote

An error occurred during a connection to planet.mozilla.org.
Cannot communicate securely with peer: no common encryption algorithm(s).
(Error code: ssl_error_no_cypher_overlap)

Now the "apocalypse" as the TenFourFox-guy below called it so fittingly, got over the critical limit:

GitHub has insisted on TLS1.2 for a few days now, making it completely inaccessible:
https://githubengineering.com/crypto-removal-notice/
(for old browsers now only partly readable via googlecache, but no pics or files)

Sourceforge is said to insist on TLS1.1, found only a note about it here:
http://tenfourfox.blogspot.de/2018/02/the-tls-apocalypse-reaches-power-macs.html

Quote

Unfortunately, unless you already have TenFourFox, you won't be able to download it: the "TLS apocalypse" has come to Power Macs running OS X. No browser that was previously available for PPC OS X can download TenFourFox now that SourceForge is mandating minimum TLSv1.1 support: Classilla, Safari 4, Safari 5, Camino and Firefox 3.6 all only support TLSv1.0. For that matter, TenFourFox didn't support TLSv1.1 or TLSv1.2 until version 31, when both were enabled (Mozilla added support in Firefox 27), and Safari didn't add support until version 7

So far the KM-Forum (incl attachments) and Wiki still work, being HTTP, but everything else on Sourceforge is broken now too!
For example no file downloads anymore from the KM downloads page.
Links like those only give errors now on ancient systems:
http://sourceforge.net/projects/kmeleon/files/k-meleon-dev/K-Meleon76RC2.7z/download
http://kmeleon.sourceforge.net/files/k-meleon-dev/K-Meleon76RC2.7z

KMEXT still works fully, incl. file downloads, all still HTTP, even directory view allowed:
http://kmext.sourceforge.net/files/
http://kmext.sourceforge.net/extensions/



I do have a fallback browser which supposedly can handle TLS1.1 + 1.2:
Opera 10 USB
At least it shows those TLS as checkmark-options in the pref sheets (opera:config, appeared when I typed about:config)
BUT: it doesn't help anything sad smiley
It probably expects to get those certs from the OS, which is even older than XP in my case...

KM does have a certificate manager, but no clue where to get them and which ones are needed, and strong doubts if newer Certs would even help in a browser (KM1.6/1.7) which natively only knows TLS1?

F2 > Privacy > Encryption
Tools > Privacy > View Data > Cert-Manager



Edited 1 time(s). Last edit at 02/24/2018 10:00PM by siria.

Re: "No Cypher Overlap"-Apocalypse sad smiley Github all dead, SF mostly etc
Posted by: roytam1
Date: February 25, 2018 12:27AM

For NSS-based applications, you can recompile with newer nspr-4.10.2 and nss-3.15.5 and make some adaption to tell NSS to use TLS 1.2.

My self-compiled Firefox2 in action:




Edited 2 time(s). Last edit at 02/25/2018 12:33AM by roytam1.

Re: "No Cypher Overlap"-Apocalypse sad smiley Github all dead, SF mostly etc
Posted by: Yogi
Date: February 25, 2018 01:04AM

Quote
siria

I do have a fallback browser which supposedly can handle TLS1.1 + 1.2:
Opera 10 USB
At least it shows those TLS as checkmark-options in the pref sheets (opera:config, appeared when I typed about:config)
BUT: it doesn't help anything sad smiley
It probably expects to get those certs from the OS, which is even older than XP in my case...

Root certificates used by Opera (versions 9.5 through 12)

See also:
https://superuser.com/questions/976158/where-to-get-root-ssl-certificates-for-opera-12-17

Re: "No Cypher Overlap"-Apocalypse sad smiley Github all dead, SF mostly etc
Posted by: J.G.
Date: February 25, 2018 02:18AM

Quote
siria
(...) For example no file downloads anymore from the KM downloads page.
Links like those only give errors now on ancient systems:
http://sourceforge.net/projects/kmeleon/files/k-meleon-dev/K-Meleon76RC2.7z/download
http://kmeleon.sourceforge.net/files/k-meleon-dev/K-Meleon76RC2.7z
(...)

Not only in ancient systems, latest KMG 20180224 + Win10 also shows errors:

"An error has been encountered in accessing this page.
1. Server: kmeleon.sourceforge.net
2. URL path: /files/k-meleon-dev/K-Meleon76RC2.7z
3. Error notes: NONE
4. Error type: 404
5. Request method: GET
6. Request query string: NONE
7. Time: 2018-02-25 02:16:12 UTC (1519524972)
Reporting this problem: The problem you have encountered is with a project web site hosted by SourceForge.net. This issue should be reported to the SourceForge.net-hosted project (not to SourceForge.net).
If this is a severe or recurring/persistent problem, please do one of the following, and provide the error text (numbered 1 through 7, above):
Contact the project via their designated support resources.
Contact the project administrators of this project via email (see the upper right-hand corner of the Project Summary page for their usernames) at user-name@users.sourceforge.net
If you are a maintainer of this web content, please refer to the Site Documentation regarding web services for further assistance.
NOTE: As of 2008-10-23 directory index display has been disabled by default. This option may be re-enabled by the project by placing a file with the name ".htaccess" with this line:
Options +Indexes
"

confused smiley



Edited 1 time(s). Last edit at 02/25/2018 02:18AM by J.G..

Re: "No Cypher Overlap"-Apocalypse sad smiley Github all dead, SF mostly etc
Posted by: rodocop
Date: February 25, 2018 03:09AM

Quote
J.G.
Not only in ancient systems, latest KMG 20180224 + Win10 also shows errors:
confused smiley

This is another problem not related to security cyphers and HTTPS.

And it works now for me, while some time ago I experienced the same.

What siria speaks about is the real problem for old systems, and thanks to roytam1 for giving people a solution.

roy,
I've tested your FF 3.6 and it loads GitHub and SF! Great job! (KM 1.6 doesn't for example)


Latest Release KM75.1 Latest dev KM76RC ||| Visit The K-Meleon Place and join me there!
Old good stuff: KM-1.6db+NS © dugbugoffice // KM-16-S2014 © Fred // KM-1.6beta2.6 © JamesD // KM Twin+ © rodocop // KM 1.8.24.22 © adodupan

RECOMMENDED! K-Meleon 76 Pro ==» Download portable: 7zip or EXE =//= Discuss on forum
K-Meleon 75.1 Pro: Download =//= Discuss || Portable Flash plugin (x86/x64 DLLs)

Re: "No Cypher Overlap"-Apocalypse sad smiley Github all dead, SF mostly etc
Posted by: siria
Date: February 25, 2018 05:04AM

Thanks for the tips! But still lost...

Quote
rodocop
roy,
I've tested your FF 3.6 and it loads GitHub and SF! Great job! (KM 1.6 doesn't for example)

Har Har... searched around, dug through msfn, but guess where it's hosted? cool smiley
Something like that really sounds like the only hope.

FF2 sounds horribly outdated, even generations behind KM1.6/FF3.5...

By the way even FF10 seems to run a bit here (struggled for months with prefs until it didn't crash anymore seconds after start, probably far too few resources and downloading tons of stuff in background, meanwhile seem to have blocked the right prefs and it behaves, but very uncomfy compared to KM and browsing with FF10 seems NOT better than in KM16 so why)

And cert stuff, have tried yet again, many hours, but still rocket science to me. No chance without a detailed step-by-step guide even for opera just to find the right files sad smiley
But howsmyssl.com tells it does have already 1.2 capabilities, yet the browser still doesn't work on github, and still doesn't tell me which certs it wants exactly.

OPERA ERROR-1:
Unable to complete secure transaction
You tried to access the address https://github.com/, which is currently unavailable. Please make sure that the web address (URL) is correctly spelled and punctuated, then try reloading the page.
Secure connection: fatal error (70) from server.
https://github.com/
Handshake failed because the server does not want to accept the enabled SSL/TLS protocol versions.

OPERA ERROR-2:
Unable to complete secure transaction
You tried to access the address http://sourceforge.net/projects/kmeleon/files/k-meleon/75.1/K-Meleon75.1.7z/download, which is currently unavailable. Please make sure that the web address (URL) is correctly spelled and punctuated, then try reloading the page.
Secure connection: fatal error (40)
https://sourceforge.net/projects/kmeleon/files/k-meleon/75.1/K-Meleon75.1.7z/download
Failed to connect to server. The reason may be that the encryption methods supported by the server are not enabled in the security preferences.
Please note that some encryption methods are no longer supported, and that access will not be possible until the website has been upgraded to use strong encryption.



Edited 1 time(s). Last edit at 02/25/2018 06:11PM by siria.

Re: "No Cypher Overlap"-Apocalypse sad smiley Github all dead, SF mostly etc
Posted by: roytam1
Date: February 25, 2018 06:09AM

The Fx2 here is only for IRC connection (chatzilla) and 2ch (now 5ch) fat file reader. So it's not a problem here. Fx2 uses little RAM and it is surprisingly stable.



Edited 1 time(s). Last edit at 02/25/2018 06:11AM by roytam1.

Re: "No Cypher Overlap"-Apocalypse sad smiley Github all dead, SF mostly etc
Posted by: rodocop
Date: February 25, 2018 11:57AM

Quote
siria
Har Har... searched around, dug through msfn, but guess where it's hosted? cool smiley

roytam's FF 3.6
roytam's RetroZilla


Re: "No Cypher Overlap"-Apocalypse sad smiley Github all dead, SF mostly etc
Posted by: Yogi
Date: February 25, 2018 12:33PM

@Siria

I looked into Opera 10 and it is hopeless.
Even though it has support for TLS1.1 + 1.2, the ciphers used are badly outdated.
So far it's not primarily a cert prob but that of missing ciphers.
It's only Opera Presto v12.18 (which got updated new ciphers) that will hopefully work reliably for the next few years to come.
Sorry, this won't be of any help for Win98. sad smiley

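The two Opera errors quoted earlier in the thread, fatal error (70) from github.com and fatal error (40) for sourceforge.net, are TLS alert codes, and the post above makes the point that protocol-version support is not enough without a shared cipher suite. The following is an added example, not code from any poster or from Opera or NSS: it decodes a plaintext TLS alert record and models, in simplified form, how a server ends up sending one alert or the other. The client and server profiles are constructed for illustration and are not the real configurations of GitHub, SourceForge or any Opera version.

```python
import struct

# Alert names from RFC 5246 section 7.2 (only the two seen in this thread).
ALERT_LEVEL = {1: "warning", 2: "fatal"}
ALERT_DESC = {40: "handshake_failure", 70: "protocol_version"}
VERSIONS = {(3, 1): "TLS 1.0", (3, 2): "TLS 1.1", (3, 3): "TLS 1.2"}

def parse_alert(record: bytes):
    """Decode a plaintext alert record: type(1) version(2) length(2) level(1) desc(1)."""
    if len(record) < 7:
        raise ValueError("truncated record")
    ctype, _major, _minor, length = struct.unpack("!BBBH", record[:5])
    if ctype != 21 or length != 2:
        raise ValueError("not a plaintext alert record")
    level, desc = record[5], record[6]
    return (ALERT_LEVEL.get(level, f"level_{level}"),
            ALERT_DESC.get(desc, f"alert_{desc}"))

def negotiate(client_max, client_suites, server_min, server_suites):
    """Simplified server-side decision; assumes the server's maximum is TLS 1.2.

    Returns ("ok", version_name, suite) or ("alert", alert_name, alert_code).
    """
    if client_max < server_min:
        # Client's best version is below the server's floor.
        return ("alert", "protocol_version", 70)
    for suite in server_suites:            # server preference order
        if suite in client_suites:
            return ("ok", VERSIONS[min(client_max, (3, 3))], suite)
    # Version is acceptable, but no cipher suite is shared.
    return ("alert", "handshake_failure", 40)

# Constructed profiles (assumptions, not measured from real sites or browsers).
SERVER_SUITES = ["TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
                 "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"]
OLD_SUITES = ["TLS_RSA_WITH_RC4_128_SHA", "TLS_RSA_WITH_3DES_EDE_CBC_SHA"]

if __name__ == "__main__":
    print(parse_alert(bytes.fromhex("15030300020246")))              # constructed record
    print(negotiate((3, 1), OLD_SUITES, (3, 3), SERVER_SUITES))      # TLS 1.0-only client
    print(negotiate((3, 3), OLD_SUITES, (3, 3), SERVER_SUITES))      # TLS 1.2, old ciphers
    print(negotiate((3, 3), OLD_SUITES + SERVER_SUITES[1:], (3, 3), SERVER_SUITES))
```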
Re: "No Cypher Overlap"-Apocalypse sad smiley Github all dead, SF mostly etc
Posted by: siria
Date: February 25, 2018 03:21PM

Looks like I've finally hit better search terms (msfn browser win98 tls) which led to some quite hopeful postings. Ouf...

Perhaps this can be a solution for KM??
https://msfn.org/board/topic/176344-problems-accessing-certain-sites-https-aka-tls/?page=3

Quote

The solution I found is a proxy server that performs an intentional MITM (man-in-the-middle) attack on the browser. Obviously that's a security risk, but since everything is running on one machine, the risk is minimal as long as this software properly validates certificates. It's free and can be found here: http://www.proxfilter.net/proxhttpsproxy/

Will have to check that out too, in a while.

But for the moment I'm saved - by Opera12! grinning smiley

Hint was on same page as above:
Quote

> Opera 12.02 works on Win98 with KernelEx.
> But somewhere between 12.02 and 12.17 it quit working.

You're right; Opera 12 has some problems with modern Web pages. Its Javascript is also rather slow.

So I went to oldversion.com and downloaded Opera 12.02
After unzip it first crashed on open, then played with KernelEx-settings (Win2000 seems best) - and it started!!
opera:config with the 1000 settings works, and - GITHUB WORKS!
That's really most important, guess nowadays 80% of apps and important stuff (at least for me) is hosted there.

Quote
Yogi
I looked into Opera 10 and it is hopeless.
Even though it has support for TLS1.1 + 1.2, the ciphers used are badly outdated.
So far it's not primarily a cert prob but that of missing ciphers.
It's only Opera Presto v12.18 (which got updated new ciphers) that will hopefully work reliably for the next few years to come.

You're right. Sorry that I didn't 'discover' version 12 earlier, could have saved a lot of trouble. About the subversion, will have to experiment more over time, perhaps 18 runs too, or something in between. Now am struggling a bit with the prefs, not quite behaving yet as I want, but slowly getting better.

Quote
rodocop
Quote
siria
Har Har... searched around, dug through msfn, but guess where it's hosted? cool smiley
roytam's FF 3.6
roytam's RetroZilla

Thanks too! Strange, could bet tonight the /gpc/files1.rt/ subfolder was missing and broken, but now it finally works.
Yet another very hopeful fallback browser to check out smiling smiley

Of course the best KM dream would be, if KM17alpha2 could get a fixed macros plugin, so that it can at least run and return 'injectJS', plus TLS1.2, then it would perhaps be usable as main browser.

But for now am just relieved that GitHub is accessible again, no matter in which way.

===========

Opera tips and details now continued in own thread:
http://kmeleonbrowser.org/forum/read.php?1,145647



Edited 3 time(s). Last edit at 02/26/2018 05:34PM by siria.

Re:
Posted by: anonymous
Date: February 25, 2018 11:23PM

Quote
siria
Of course the best KM dream would be, if KM17alpha2 could get a fixed macros plugin, so that it can at least run and return 'injectJS', ...

'InjectJS' was broken in 'K-Meleon.exe' not in 'macros.dll'.

Re: Re:
Posted by: J.G.
Date: February 26, 2018 03:12PM

Shouldn't it be better to migrate to TLS 1.3 or create some 'TLS 1.3 fallback' for older systems? Probably it's very difficult, however if KMeleon were able to have TLS 1.3 perhaps some kind of these problems should be solved for a long future. smiling smiley



Edited 1 time(s). Last edit at 02/26/2018 03:13PM by J.G..

Re: Re:
Posted by: roytam1
Date: February 26, 2018 04:03PM

Quote
J.G.
Shouldn't it be better to migrate to TLS 1.3 or create some 'TLS 1.3 fallback' for older systems? Probably it's very difficult, however if KMeleon were able to have TLS 1.3 perhaps some kind of these problems should be solved for a long future. smiling smiley

May be possible, but I don't know if latest NSPR/NSS still work with older compiler and/or application.
