Provide HTTP fallback or something


#1

Hi,

I was wondering, why does Escargot force HTTPS when the original doesn’t enforce it, and specifically, why on earth does it enforce TLS 1.0 with cipher suites only supported by the schannel.dll and crypt32.dll in Vista/XP with KB4019276 + IE8 updates?

This makes it impossible to connect to Escargot without at least XP and POSReady hack and those particular updates + registry manipulations, meaning OSes like 2K, ME and 98SE are left out (I guess)…

I can’t connect to Escargot on XP. “Upgrading my OS” is not an option because this is a netbook, and any other OS will run terrible on it (trust me I tried with W7: laggy piece of shit on anything except XP/Debian and a battery waste on the latter)

I get it’s for ‘security’ (when in reality it’s also been forced about to obsoletise old hardware, the NSA et al can still bypass this stuff most likely and anyone stealing credentials this way on small websites are just sad nolifes) but honestly, there’s a lot of complaints about XP not working and it seems a lot of it is because of the HTTPS enforcement.

Maybe provide both HTTP and HTTPS connection and allow for downloads to two patched versions (one for HTTP, one for HTTPS) would resolve a lot of the connection problems XP/even older OS users have had…

Thanks for any response.


#2

The problem you bring up only applies to Messenger versions 5.0 and above, which use HTTPS services as an authentication component, and this was intended when Messenger was originally operated, but Escargot is a special case, as @valtron didn’t consider HTTPS compatibility with old systems and went with what he felt was the “most secure” for Escargot to work on XP. I go into more detail in a reply to a post concerning the support of MSN 5.0+ on Windows 98:

Also I do feel like Escargot should lay back on the HTTPS a bit. But that’s in edge cases like for the HTTP gateway that isn’t public, but has been developed on for quite some time, and should be considered being used,

As for a solution to your problem, your best bet right now would be patching XP to use the latest root certificates and IE8, but I can assure you that I’ll try to find a way to avoid this complicated compatibility issue. Or you could use 4.7 and below, but you have to make sure you enabled old MSN support on your account before you try to log in.


#3

I am using 4.7 - specifically the one included with XP - and it doesn’t want to login even with IE8 installed (it was working fine earlier though). Been like this for about an hour now…

But yeah, Escargot should lay off HTTPS a bit and provide a HTTP fallback for those older systems :stuck_out_tongue:


#4

I have tls 1.2,256 bit for ie8 and no problems with msn


#5

I’ll probably just switch to W7 then :stuck_out_tongue: