Finally K-Meleon 1.6 with TLS1.2!!
(For retro-fans, KM1.6/1.7 of the era Firefox3.5/3.6 can run in windows98se with basic KernelEx4.5.2)

UPDATE 2020-02-27: How it does WORK, fully:
Summary:
roytam1 finally posted a complete TLS-package, with TLS1.2 ciphers,
in a topic for Netscape9 in another forum:
https://www.vogons.org/viewtopic.php?p=829618#p829618

Luckily this package also works in some other browser builds, incl. K-Meleon1.6
Just NOT in KM1.7alpha, which was not compiled with MSVC 7.1

Important:
For K-Meleon the file sqlite3.dll must be removed from the package, the original dll must remain.

Download:
http://o.rthost.win/gpc/files1.rt/ns9-nss-update.7z

(discussion see in posts below)


------ Old original post / IGNORE

Don't quite dare to fully believe it yet - but:
it looks like my old tweaked KM1.6beta26 finally can show TLS1.2 sites!
No pesky "cipher_overlap" errors anymore, 99% internet again instead of lately just 50%!
Github showing up again, wikipedia, twitter, dev.mozilla, etc etc etc...
(hmm... still a bit suspicious... am probably confusing something...
and why am I getting a deja-vu feeling now... can't remember...)

HOW it finally worked, using blind guessing after long trial+error struggles,
and mysterious error about a missing "personal security manager (PSM)":

- checked roytam's 2 recent builds of KMzilla154, which FILES were changed between v1-v2
(he deletes older versions, but just unzip current version and sort by file dates)
- from those 11 new files copied over the 9 youngest files from ROOT of KMz154v2 into KM1.6
(after backup original files of course!)
- +1 file "nssckbi.dll" (older v1) copied over from KMz154 into KM1.6
- +1 file "/greprefs/security-prefs.js" (v2) copied over too
- +3 files "/components/pip...xpt" (v1) copied over too (attention, xpt, NOT DLL!)
- just in case, deleted the usual cache files: 2 files "/components/*.dat" and xul.mfl in profile folder

It works, although one of the new files is refused, the console shows XPCOM-error:
/components/pipnss.dll
So this file can not be replaced, it must remain the ancient KM1.6 original version from 2011.
Luckily the internet seems to work fine with the old version too.
So far......

Disclaimer!
Of course, this was just experimental to finally get the public internet loading again, websites like wikipedia or twitter etc. But this 'blind trial+error' method is NOT fully secure. And only some of the security files are updated, not all =>
WARNING: Do NOT use this mixup for websites which must really be secure, like banking or shopping!

Strongly suspect the same prodedure may work with old K-Meleon1.7alpha too, but this was always much buggier as KM1.6b2.6, can't use it.

FILES:
Extract the updated TLS1.2 files from roytam1 retrozilla build of KM1.5.4_TLS1.2, with sha256 and sha384 support (for VANILLA Windows98!)
http://kmeleonbrowser.org/forum/read.php?22,151512
(http or) https://o.rthost.win/gpc/files1.rt/K-Meleon1.5.4en-US.tls12.7z

EDIT later, 2020-02-21: PITY...
Well, as suspected from the start, this does help only partly, for the most important sites.
But not nearly as good as "original" TLS1.2 builds, like roytam's recent KMz1.5.4
This DIY experiment seems to load only those domains which old OPERA12.02 can still load fine too.
And it still suffers from that absolute KILLER BUG that loading pages must never, ever be interrupted accidentally for a split second (slow connection timeout or hickup, clicking a link, etc) before the very last bit of all content has finished, otherwise the whole domain is immediately broken again until next session, showing cipher errors again By the way this also affects sites which still do load fine with TLS1.0 too, like browsing (just viewing) amazon and others.

EDIT later, 2020-02-27: see SOLUTION at top of this post!



Edited 6 time(s). Last edit at 07/27/2020 12:17PM by siria.

Since KMz154_TLS1.2 is based on Retrozilla, I wonder if the files of Retrozilla itself may work too?
Some day may try that too. Or anyone know?

And can't test anymore if this mixup still works with basic KernelEx452 too, since I've updated to KernelEx2016, but considering the new files were copied from a browser for native Win98, so chances are quite high.

By the way there are some people who can even run the current KM-Goanna76 on Win98!
Without any tweaking of the browser itself, but a lot more general tweaks and updates of the operating system. Mine has some updates too, but not as many. And KM1.6 also runs fine with just basic KernelEx452, that was an incredibly tiny file, zipped only a few 100kB.

Well, the main thing is, the internet works again. In a browser suitable for daily use on Win98 with simple KernelEx, which isn't too buggy due to young age, or due to ancient Firefox2 engine age. But otherwise not sure what to think of such a 'blind' mixup. Or anyone with expert knowledge can shed some light on it or has tips about such a mixup mess...?

Quote
siria
Since KMz154_TLS1.2 is based on Retrozilla, I wonder if the files of Retrozilla itself may work too?
Some day may try that too. Or anyone know?

And can't test anymore if this mixup still works with basic KernelEx452 too, since I've updated to KernelEx2016, but considering the new files were copied from a browser for native Win98, so chances are quite high.

By the way there are some people who can even run the current KM-Goanna76 on Win98!
Without any tweaking of the browser itself, but a lot more general tweaks and updates of the operating system. Mine has some updates too, but not as many. And KM1.6 also runs fine with just basic KernelEx452, that was an incredibly tiny file, zipped only a few 100kB.

Well, the main thing is, the internet works again. In a browser suitable for daily use on Win98 with simple KernelEx, which isn't too buggy due to young age, or due to ancient Firefox2 engine age. But otherwise not sure what to think of such a 'blind' mixup. Or anyone with expert knowledge can shed some light on it or has tips about such a mixup mess...?

wow, kind of fun.

but why older nssckbi.dll is used instead of newer one in archive?
and for official rz, which is built with VC6, is not suitable to replace anything in KM1.x, which is built with VC7.

Quote
roytam1
wow, kind of fun.
but why older nssckbi.dll is used instead of newer one in archive?

Glad you like
nssckbi.dll is v1 simply because it was not updated in v2, still same file in both.
I only mentioned v1/v2 because the initial theory was "the update from v1 to v2 added only more ciphers, so all files with a newer date must be needed for that crypto stuff." Then turned out, as expected, that wasn't enough. And one of the new files gets even blocked by xpcom. Next thought, of course it makes sense that not all crypto-files are updated by just adding more ciphers, so, which others may be needed? First suspect were the pip-files, and after a few rounds, it finally worked!! Only afterwards got the idea that all nss-files are probably related too, then moved over nssckbi.dll as well.

Perhaps yet more crypto files belong together and should ideally be copied too, just not sure which. Remembered Dependency Walker again, and it strongly suggests nspr4, plc4, plds4, along with mozcrt19. But cannot find this moz-file in KM154. Hmm...
May experiment more, but then again: the engine itself is much older as in KM1.6, so wrong files would be a regress?? And after all, it does work already fine, just trying to reduce unknown future probs.
Or, perhaps it would be better idea to copy the files from your fx36 build? TLS slightly outdated from 2017, but engine newer, not older.... and VC7 too:

Quote
roytam1
for official rz, which is built with VC6, is not suitable to replace anything in KM1.x, which is built with VC7.

Thanks for this info! Saved me probably a lot of wasted time.
Looks like I was just lucky to have started with KM154 instead of Retrozilla Only started wondering if Rz may work too, in case some day I may finally try to collect and upload somewhere an updated KM1.6 build if no one else does (variation of James' last beta2.6, which was impossible to download for years, plus more macros, toolbars, and above all new TLS of course), but no clue where to point for sources if anyone insists.

UPDATE:
after some real experience with this experiment, have added more info in the first post now.

To sum it up:
sadly this didn't turn out a "golden" solution, only a "silver" one.
But anyway, still a whole lot better as the original rusty old iron with TLS1.0 ;-)

if you need newer cipher suites, you may try this:
http://o.rthost.win/gpc/files1.rt/ns9-nss-update.7z

Quote
roytam1
if you need newer cipher suites, you may try this:
http://o.rthost.win/gpc/files1.rt/ns9-nss-update.7z

Could this ciphers be added to any K-meleon version, or is it just compiled for 1.x versions.



Edited 1 time(s). Last edit at 02/27/2020 03:46PM by JohnHell.

K-Meleon1.6 with new TLS1.2 files:

Quote
roytam1
if you need newer cipher suites, you may try this:
http://o.rthost.win/gpc/files1.rt/ns9-nss-update.7z

Aahh... almost!!
Was just going to do a happydance after ALL domains started showing up with this update, incl. some which could not be unblocked yet by my previous DIY-experiment
But now find:
all cookies are lost and new ones work in session only, cookies cannot be stored anymore.
And my huge collection of site permissions(.sqlite) is lost too, and new entries lost between session
(if anyone tries this, just make a backup copy of your current profile folder first)

Same killer prob as in KG74 on my current system state with shaky kernelex v16/17, sqlite stops working. But unlike KG74, the history still works in this KM1.6-update, because that older engine still stores history in another format. Was already a bit suspicious when seeing the sqlite.dll among the new files...
No idea it that's due to the files themselves?
Or perhaps just caused by the KernelEx version? Perhaps this TLS-update would still work fine with old basic Kex4.5.2?? But can't test this anymore on that system now, and don't understand at all how KernelEx installation works, how younger partial Kex updates are installed.

Also did a very quick test now with KM1.7a2 with those new TLS-files, was always assuming that the engines were still closely related. To my surprise couldn't get 1.7 to start at all, it complains that xpcom cannot be initialized.



Edited 1 time(s). Last edit at 02/27/2020 02:44PM by siria.

K-Meleon1.6 with new TLS1.2 files:

Quote
roytam1
if you need newer cipher suites, you may try this:
http://o.rthost.win/gpc/files1.rt/ns9-nss-update.7z

YES! YES! YES!
Forget my post above - it REALLY WORKS FULLY!!!
Now really doing a happy dance!

Just the sqlite3.dll must be removed from the zip, not be replaced.
After dropping the old original sqlite3.dll from 2011 into this updated folder and restarting again, cookies + site permissions work again too! Even the old entries showed up again, that means they were not touched at all by the previous test, only unreadable for it

I was going to suggest it while I was reading the post above. I don't know why the sqlite dll in that package :-?

Quote
JohnHell
I was going to suggest it while I was reading the post above. I don't know why the sqlite dll in that package :-?

because it is for Netscape 9. for KM, sqlite3.dll should not be replaced.

original post is here: https://www.vogons.org/viewtopic.php?p=829618#p829618



Edited 1 time(s). Last edit at 02/27/2020 04:10PM by roytam1.

Quote
roytam1

Quote
JohnHell
I was going to suggest it while I was reading the post above. I don't know why the sqlite dll in that package :-?

because it is for Netscape 9. for KM, sqlite3.dll should not be replaced.

original post is here: https://www.vogons.org/viewtopic.php?p=829618#p829618

Ok, but you didn't answer to my first question

Can that NSS update be used with any K-meleon version, or just with 1.x? (without the sqlite dll)

Yeah, I know, I could test myself, but better ask

Quote
JohnHell

Quote
roytam1

Quote
JohnHell
I was going to suggest it while I was reading the post above. I don't know why the sqlite dll in that package :-?

because it is for Netscape 9. for KM, sqlite3.dll should not be replaced.

original post is here: https://www.vogons.org/viewtopic.php?p=829618#p829618

Ok, but you didn't answer to my first question

Can that NSS update be used with any K-meleon version, or just with 1.x? (without the sqlite dll)

Yeah, I know, I could test myself, but better ask

it should work on builds that is compiled with MSVC 7.1.

This may be a really, really dumb request...but I'll ask it anyhow:
Might one of the kind folks here be willing to zip up this whole wonderful result so that dumber folks (like myself...) could get it, open it up & use it ??

Thanks.

Quote
smallhagrid
This may be a really, really dumb request...but I'll ask it anyhow:
Might one of the kind folks here be willing to zip up this whole wonderful result so that dumber folks (like myself...) could get it, open it up & use it ??

roytams TLS1.2 files above are already zipped up, to be dropped into an existing KM1.6 browser (or Netscape9)
But huh??! You really sure you want to step back some decades to KM1.6?? Believe me it's no fun, even if websites are finally loading again with those mircacle files, but there's still a lot of css and JS broken, needing lots and lots of fiddling to find special site tweaks to get them better readable again.

Hi Siria and Thanks !!
Yes, I absolutely adored my older K-M versions & have found much sadness in trying to get 75.x & 76.x to even stay open under WINE.
My thinking is that perhaps the older version(s) will be more tolerant of that situation & having a whole copy that was confirmed to run on someone else's PC beforehand would give me the confidence of a definitive yes/no as to whether it works OK.

Does that make sense ??

Thanks Again.

That Linux issue sounds worrying. Hopefully not in all variations, someone else had posted somewhere that new KM works okay in his own Linux.

When stepping back to ancient versions, the best compromise for starting is probably roytam's fork of Naruman's old KM74+1 (though pity not based on final bugfixed version). He updated the whole engine recently from Gecko24 to PaleMoon26, added newest TLS1.2 ciphers, and fixed also 1-2 old KM bugs from original old KM74, especially the half broken injectJS macro function works again. And possibly automatic site-UAs for native Mozilla prefs too, but not sure (may have pseudo-fixed that myself in omni.ja, but running into other old probs again due to no clue how to cleanly rip out the hardcoded UA-addon added by Naruman/Rodocop/other forkers, but just the same as in PRO which you already like)

KM-Goanna74 (KMG74, KG74) with just recently updated TLS ciphers:
http://kmeleonbrowser.org/forum/read.php?19,146040
Important: the date in the filename is wrong currently, just ignore it, download it just in case again and look inside the zip to check its real build date. Roytam1 preferred to store the recent update with the now wrong old date again, like KMzilla154 too IIRC, since only (??) the cipher suites are updated.

For Win98 users: this KG74 fork is intended for native Win2000 systems.
But also runs -with lots of crashing- when a newer KernelEx version is installed. And the compat-setting on the exe must be set to Win2000.

Hi Siria.
I tried several version both older & newer & had no better response, so I'm sticking with the 75.1 Pro version that I've tweaked to my liking - even though it sort of randomly & spontaneously closes itself down.
I'd really enjoy knowing the details of someone else's success if you happen to remember the details of that ??

Thanks.