AFAIK the 9x issue is that even somewhat-strong ciphers are not supported, although I didn’t have any luck finding a source for which ones are and aren’t supported in such old Windows versions. I guess no one has cared enough (yet) about this to share that information
Well, I just spent a while trying to answer that, but unfortunately IE5 and IE6 are too crap to be capable of telling me how crap they are. I tried a bunch of online tests to get a list of supported ciphers, but both browsers are too incompatible to be able to access the test sites. I even tried some local tests, like https://demo.a-sit.at/ssl-check-clientsserver-2/, just in case it was a hosting issue, but nope, IE5/6 can’t work with that locally either. I might have another crack at it, somewhere down the line, but it’s defeated me for today I think.
It’s for NT4 SP6, but presumably if NT4 supports those then so does Win98.
Edit: Actually, that’s inspired me to take a peek inside the registry on Win98 (with IE6 installed), wherein the following ciphers are listed (though they’re not very specific, and may not be super useful on their own, I dunno, this stuff is outside of my wheelhouse):
Win98SE + IE5.01 and Win98SE + IE6 (both have the same in the registry @ HKLM\System\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers)
Ah, yes. I tried the same thing with IE 5.5 on a Windows 98 virtual machine. Told me that “the domain wasn’t available,” which was nothing but a COMPLETE LIE!!
Windows XP seems to have the same (well, minus a few, it’s missing the DES 40/56). One difference is that instead of Fortezza in the KeyExchangeAlgorithms, it has Diffie-Hellman.
I just poked Escargot with a MSN Messenger 5 shaped stick with Ethereal (the old version of Wireshark, because Win98), and as long as TLS1.0 is enabled, it does connect with TLS_RSA_WITH_3DES_EDE_CBC_SHA. It then stops, because there’s an alert thrown in the TLS session, but I can’t see what it is right now because it’s inside the SSL stream.
If you do the same without TLS1.0 turned on, it just throws a Protocol Version alert and fails immediately after the Client Hello.
Nice to hear that at least Win9X attempts to connects with the appropriate ciphers.
Also, Ethereal… You mean, THAT Ethereal? I would DIE to get that! Especially since with the Escargot YMSG frontend going well, versions of Yahoo! Messenger 5.0 and below (the ones that support protocols YMSG9 and below) somehow use 16-bit installers (while the application executables for the appropriate versions are 32-bit, which I find weird). Do you have any links or archives of any remaining versions, because the last time I checked on Google, I saw some… untrustworthy results. There was a result linking to CNET, but after the last time they tried to stuff their downloads with adware, I’m not too sure…
That’s where I got my copy from, seems legit, and it works. I tried 0.99.0 before that, but it’s broken with a bug that was never fixed because it was the final Win98-compatible release. 0.10.14 is fine though.
Kinda funny really, until I had to pick up a copy to test this I forgot it was even called that way back when
Edit: Now my problem is that Fiddler doesn’t work on Win98, so I can’t look inside the SSL stream to find out what that encrypted alert is. Anyone got any ideas?
Definitely don’t use Fiddler4 (the number at the end of “Fiddler” signifies the .NET framework version it is compatible with, and we all know .NET 4 isn’t gonna work with Win9X). I’d see about Fiddler2, but I can’t quite remember the system requirements for .NET Framework 2.x. I’ll go look into that later. But if I find out that .NET Framework 2.x isn’t compatible with Win9X, I’ll try to search for some other Win9X HTTPS packet sniffer alternatives (if there are any lol).
.net Framework 2.0 does work on Win98 (I have it installed in this VM because that’s what Escargot Troubleshooter and Escargot Autopatcher require), but the application itself seems to require WinXP or higher. Thanks for the tip about Fiddler4 vs Fiddler2 though, perhaps it’ll run on KernelEx?
If Fiddler2 doesn’t use too many Windows XP-exclusive libraries and features, then it will probably work on Win9X with KernelEx (I haven’t touched that software like at all). Just a guess, though.
I just gave it a shot anyway, just to see if it’d work, and it does - for future reference, version 2.3.4.5 “runs” in Win98, although it’s a bit of a minefield, even just clicking on the About button in the Help menu causes the program to die because of a required NT function. But it does at least seem to be able to see traffic and let you view that, so that’s potentially helpful.
However, I just realised (upon trying it) that it’s meant for higher level HTTP traffic, and it’s probably not going to be able to show me what that SSL protocol packet is…
Just to check since you’ve gotten this far, are the root CAs updated yet or have you installed them manually? That is, the Let’s Encrypt chain, DST Root CA X3, etc.