K-Meleon 1.6 with TLS1.2, do-it-yourself
Finally
K-Meleon 1.6 with TLS1.2!!
(For retro-fans, KM1.6/1.7 of the era Firefox3.5/3.6 can run in windows98se with basic KernelEx4.5.2)
UPDATE 2020-02-27: How it does WORK, fully:
Summary:
roytam1 finally posted a complete TLS-package, with TLS1.2 ciphers,
in a topic for Netscape9 in another forum:
https://www.vogons.org/viewtopic.php?p=829618#p829618
Luckily this package also works in some other browser builds, incl. K-Meleon1.6
Just NOT in KM1.7alpha, which was not compiled with MSVC 7.1
Important:
For
K-Meleon the file sqlite3.dll must be removed from the package, the original dll must remain.
Download:
http://o.rthost.win/gpc/files1.rt/ns9-nss-update.7z
(discussion see in posts below)
------ Old original post / IGNORE
Don't quite dare to fully believe it yet - but:
it looks like my old tweaked KM1.6beta26 finally can show TLS1.2 sites!
No pesky "cipher_overlap" errors anymore, 99% internet again instead of lately just 50%!
Github showing up again, wikipedia, twitter, dev.mozilla, etc etc etc...
(hmm... still a bit suspicious... am probably confusing something...
and why am I getting a deja-vu feeling now... can't remember...)
HOW it finally worked, using blind guessing after long trial+error struggles,
and mysterious error about a missing "personal security manager (PSM)":
- checked roytam's 2 recent builds of KMzilla154, which FILES were changed between v1-v2
(he deletes older versions, but just unzip current version and sort by file dates)
- from those 11 new files copied over the 9 youngest files from ROOT of
KMz154v2 into KM1.6
(after
backup original files of course!)
- +1 file "nssckbi.dll" (older v1) copied over from KMz154 into KM1.6
- +1 file "/greprefs/security-prefs.js" (v2) copied over too
- +3 files "/components/pip...xpt" (v1) copied over too (attention, xpt, NOT DLL!)
- just in case, deleted the usual cache files: 2 files "/components/*.dat" and xul.mfl in profile folder
It works, although one of the new files is refused, the console shows XPCOM-error:
/components/pipnss.dll
So this file can not be replaced, it must remain the ancient KM1.6 original version from 2011.
Luckily the internet seems to work fine with the old version too.
So far......
Disclaimer!
Of course, this was just experimental to finally get the public internet loading again, websites like wikipedia or twitter etc. But this 'blind trial+error' method is NOT fully secure. And only some of the security files are updated, not all =>
WARNING: Do
NOT use this mixup for websites which must really be secure, like banking or shopping!
Strongly suspect the same prodedure may work with old
K-Meleon1.7alpha too, but this was always much buggier as KM1.6b2.6, can't use it.
FILES:
Extract the updated TLS1.2 files from roytam1
retrozilla build of KM1.5.4_TLS1.2, with sha256 and sha384 support (for VANILLA Windows98!)
http://kmeleonbrowser.org/forum/read.php?22,151512
(http or)
https://o.rthost.win/gpc/files1.rt/K-Meleon1.5.4en-US.tls12.7z
EDIT later, 2020-02-21:
PITY...
Well, as suspected from the start, this does help only partly, for the most important sites.
But not nearly as good as "original" TLS1.2 builds, like roytam's recent KMz1.5.4
This DIY experiment seems to load only those
domains which old OPERA12.02 can still load fine too.
And it still suffers from that absolute KILLER BUG that loading pages must never, ever be interrupted accidentally for a split second (slow connection timeout or hickup, clicking a link, etc) before the very last bit of all content has finished, otherwise the whole domain is immediately broken again until next session, showing cipher errors again
By the way this also affects sites which still do load fine with TLS1.0 too, like browsing (just viewing) amazon and others.
EDIT later, 2020-02-27:
see SOLUTION at top of this post!
Edited 6 time(s). Last edit at 07/27/2020 12:17PM by siria.