What is causing security issues, can I fix this?
-
leocg Moderator Volunteer last edited by
Why did my user name get changed from Opera7user in my Aug 12 post to droid1111 on today's post?
Most probably because you've logged in using that other account.
Made logging in lots of fun since it won't accept the Opera7user name anymore.
What do you mean?
Anyway, this is not the place to discuss problems with Opera account(s). There is a forum for it.
-
A Former User last edited by
What is it so precious about this Windows 98? Or is it just about vintage hardware?
I'm curious.
:rolleyes: -
blackbird71 last edited by
... I have downloaded some other browsers but so far no one has been able to explain why Opera 10 works as described above and other Opera versions don't. It would seem that if one older browser works (somewhat) but newer versions don't, it has to be encryption or certificate issues. Just trying to figure out if I can download certs or a patch or whatever to enable me to continue using the browser I find fastest for my old OS and dialup service. From what I've seen over the years, There are some very smart people here, someone must have an idea on what is causing the problem and "if" it can be fixed. Any takers?
You've moved into the murky regions of deprecated (discontinued) security protocols used for secure Internet connections, and "there be dragons". When a user's browser accesses a secure website, a negotiation must occur between the browser and the site server to establish a mutually-agreeable combination of data-security protocols and related encryption mechanisms. For successful secure communication to occur, both the browser and site server must share the same protocol and encryption/decryption schemes. At a given moment in time, there will tend to be general agreement on what are the best kinds of schemes, and both browsers and servers will contain a somewhat similar range of possible schemes, hence a workable shared scheme can usually be negotiated.
However, things change over time. Security protocols are found to be vulnerable to interference and snooping; encryption schemes are found to be weak and easily breakable. So industry 'standards' organizations eventually deprecate or de-recommend the vulnerable schemes, and servers and browsers tend to follow. Unfortunately, browsers and site servers relying on deprecated protocols don't suddenly migrate to the newer and more-secure protocols; eg, there often will be an extended period wherein a site will still use old deprecated protocols to accommodate browsers that haven't been updated. In some of those cases, old browsers can't support newer protocols because the underlying OS encryption services on which those protocols rely don't contain the newer encryption schemes required by the newer protocols.
Add to this the reality that some older browsers don't always reliably handle the nitty-gritty of the protocol negotiation process with secure sites that have been upgraded to the newer protocols, and you have a recipe for major confusion. This was the case for certain Opera versions around the v10-12 era, leading at one point to Opera force-feeding security protocol choices into certain later versions of users' browsers. Hence, a browser version that might have worked fine earlier with a particular site might fail in a later version if the protocol being used by the site was forcibly switched off by Opera in that version to assure stability or security.
In general, SSL protocol version 2.0 is now considered low security, and all TLS protocols are now supposed to refuse to negotiate downward to SSL 2.0. This can cause problems with certain old browsers that have difficulty establishing a successful TLS negotiation for whatever reason, since a TLS site server may now refuse to negotiate down to SSL like it once did. In the past, those servers would have negotiated down to SSL for that browser, but now they are blocked from it, and the connection fails to establish.
Bottom line: you're likely stuck with whatever you see when using old (and in your case, very old) browsers. The browsers won't be updated with fixes, and in most cases, neither will the old OS's (their lack of newer encryption suites are sometimes related to the problem). You simply have to make do with whatever you can find.
-
A Former User last edited by
Yes, newer windoze versions will allow Opera 11 and upward but my win98 only allows opera 10.63 so unless I wish to change the OS (no) I'm trying to figure out how to get Opera 10 or even 10.63 to work on that web site. For the Moderator - Why did my user name get changed from Opera7user in my Aug 12 post to droid1111 on today's post? Made logging in lots of fun since it won't accept the Opera7user name anymore.
Ah, I hadn't picked up that you were using Windows 98!
You can in fact use Opera versions up to 12.02 using a set of OS extensions called KernelEx.
It's not really for the non-technical, but search for it and see what you think.
If you can deploy it you can use Opera 12.02, which displays that estatesales.net page fine for me under Windows 98.
-
droid1111 last edited by
What is it so precious about this Windows 98? Or is it just about vintage hardware?
I'm curious.Vintage software, 98 is. Loads fast. Unlike Win 10 where you have no say in what MSFT wants to put on your PC or what info they mine off of it, MSFT has no connection to my 98 PC, keep your nose out of my computer!. Win 7 is the last MSFT OS I'll use, then it's on to Linux.
blackbird71 - Thank you. Nice technical reply and I do understand most of it. So the ver 10 had something removed in ver 10.63. I once upgraded the encryption on my Netscape browser, a company produced software to make the change, think it was 125 bit to 256 so I could still do online banking. Hoped something like that was available for the Opera 10 but my guess is, nothing short of rewriting code will achieve that and I don't write code.
Ah, I hadn't picked up that you were using Windows 98!
You can in fact use Opera versions up to 12.02 using a set of OS extensions called KernelEx.
It's not really for the non-technical, but search for it and see what you think.
If you can deploy it you can use Opera 12.02, which displays that estatesales.net page fine for me under
Windows 98.I had downloaded the required software for the KernelEx extension for Win 98 a while back. Recall that some of the Windows Annoyances.org crowd used it (miss that Web site). Someday I'll set up one of my spare PC's and try to get it to work. Is it pretty much a matter of following instructions to get it to work?
-
blackbird71 last edited by
...
blackbird71 - ... So the ver 10 had something removed in ver 10.63. I once upgraded the encryption on my Netscape browser, a company produced software to make the change, think it was 125 bit to 256 so I could still do online banking. Hoped something like that was available for the Opera 10 but my guess is, nothing short of rewriting code will achieve that and I don't write code.
...
I had downloaded the required software for the KernelEx extension for Win 98 a while back. Recall that some of the Windows Annoyances.org crowd used it (miss that Web site). Someday I'll set up one of my spare PC's and try to get it to work. Is it pretty much a matter of following instructions to get it to work?I've slept quite a few nights since those times. What I still recall was that somewhere back in that era, there were problems for some Opera users with certain combinations of checked protocol settings in Ctrl+F12 > Advanced > Security > Security Protocols. It presumably had to do with hiccups and instability in the secure-site negotiation downward to lower-security protocols for some user systems and/or web-servers and in how Opera conducted its part of the negotiations (other browsers didn't seem to show the problem).
In any case, sometime after SSL3 was finally cited in 2014 as insecure, Opera pushed out a silent, forced 'fix' to various Olde Opera version users which forced the security protocol enablings to be set a certain way to enhance security but which avoided selection combinations that had earlier destabilized the protocol negotiations for some users. However, those forced settings didn't provide the protocol settings flexibility that some users like me sought or needed. I recall all of this primarily because, never personally having had the stability problems with my own specific protocol selections, I found my Opera installation was nevertheless being forcibly reset to Opera's new protocol selections each time I restarted the browser (or soon thereafter) due to the auto-updating. Eventually, I was forced to rename the Opera updater file to block the auto-updating of the protocol settings and thereby preserve my own chosen protocol settings. I recall that at the time, not all Opera versions received the forced-updating treatment (especially some older versions), I think because some versions had different protocol offerings which had evolved over time. The net effect now is to create uncertainty regarding which versions had what protocol offerings, what the default protocol selections might have been in which versions (since most users never tweak such settings), and whether those were subsequently affected by any forced updating.
Whether Olde Opera's protocol auto-update force-fix is still active at Opera's servers, or which specific version protocols were affected in which ways, it's impossible for me to say at this distance. Otherwise, as far as I know, there's nothing available now that lets users modernize the security/encryption suites for very old OS's and the old browsers that run on them, though you certainly could try Googling. One of the big encryption stumbling blocks on old systems is the increasing use now of various elliptical cipher variants, and there would be no way to enable such things in an old browser no longer being updated, even if one could somehow install such cipher suites into an old OS.
Regarding KernelEx, I ran a Win98 First Edition system online from 1998 until late 2010, using Opera as the main browser much of that time. I installed KernelEx 4.0 on that system early in 2010 so that I could keep current with newer Opera versions at the time, which were becoming incompatible with Win98 at around 10.x, as well as for some games which also had Win98 issues. The last Opera version I installed on the Win98 system was 10.62, and it needed KernelEx. The KernelEx installation could not have been simpler, and it thereafter worked reliably with all my software until I finally took the system offline in late 2010 for general security reasons (difficulty in finding Win98-compatible AV, etc). For that matter, the Win98 system with KernelEx still works fine, since I use it infrequently for some offline work I do under old DOS-compatible software. I do suggest a full system-drive backup to external media before the KernelEx install, just on principles of good practice, since KernelEx does involve mods to the OS kernel. I believe KernelEx has a built in reversion/removal feature, but I always feel better having an external mechanism to safely 'get back home' should unforeseen bad things happen to good data bits.
-
droid1111 last edited by
Opera pushed out a silent, forced 'fix'
I never allow auto updates on anything including the OS. I pick and choose, so Opera never would have been able to change my version of its' browser.
I do suggest a full system-drive backup to external media before the KernelEx install,
just on principles of good practice, since KernelEx does involve mods to the OS kernelI'll be using a different PC so I'd be starting from square one and then adding the required software AFTER I load KernelEx. Any problems, I just start over, only thing I lose is time (and patience). Thanks for all the tech background. Currently downloading every Opera version around and will see what time brings about with Opera browsers going forward (Maybe I should learn to read Chinese
We used to complain when every few years our computers were replaced by newer faster models. Now everyday our toys get updated or outdated. This rush to buy or use the latest and greatest is nonsense. But in the case of many electronic items, it helps to empty your wallet, that's all the manufacturers really want.
-
blackbird71 last edited by
Opera pushed out a silent, forced 'fix'
I never allow auto updates on anything including the OS. I pick and choose, so Opera never would have been able to change my version of its' browser.
Depending on just how you "never allow auto updates" (and, of course, whether you were using an affected Opera version), you may or may not have successfully blocked Opera's forced updating of the security protocol selections. Each time Olde Opera was started up, the first thing it did was auto-communicate with Opera's servers silently, in the background to see if there were security certificate revocation and browser JavaScript updates. Then - assuming the user hadn't deselected version updating for his installation - it also checked for whether there was a newer version of Opera available. The key point is that even when a user selected "Do not check for updates", Opera would still automatically update its cert-revocation-lists/JavaScript - and it was that hidden avenue that was later used by Opera to also force the updates to the security protocol selections, regardless of the user's version-updating settings. This is why it was necessary for others and me to disable the Opera updater file entirely to block the forcing from changing our protocol enablement settings, and that's why I termed what Opera was doing a 'silent, forced fix'.
At that time, the only ways to prevent the forced auto-updating of the protocol settings was to either disable the updater entirely or to block Opera's server URL access in the user's system firewall.
-
droid1111 last edited by
Each time Olde Opera was started up, the first thing it did was auto-communicate with Opera's servers silently,
I always use Zonealarm "block all Internet Access" when I'm not browsing and remove all browsers when I start Zonealarm up. Opera has never requested access when I start it so I assume it never communicated home.
the only ways to prevent the forced auto-updating of the protocol settings was to either disable the updater entirely or to block Opera's server URL access in the user's system firewall.
Firewall blocked when not using the Net and have never found a request from Opera to access the Net in my firewall's alarm list. I never use java, javascript only occassionally as it slows my connection down.
I finally set up the spare PC, KernalEx now loaded and working. It's gonna take time to set the PC up for everything to work like the old one (exact same model).
You can in fact use Opera versions up to 12.02 using a set of OS extensions called KernelEx.
Thanks Dave, I got it to work with no issues, I'll eventually get on line and see how Opera 12.02 works with KernalEx on my PC. But for now it's a matter of reloading all the software one-by-one on a fresh Win98SE install.
-
droid1111 last edited by
BTW, once I get the KernalEx and Opera up and running, which version javascript should I use/what is the newest version I can load? Is Opera 12.02 the last version I can get to work with KernalEx?
-
blackbird71 last edited by
... Is Opera 12.02 the last version I can get to work with KernalEx?
You may find some useful answers and information here:
http://kernelex.sourceforge.net/wiki/Opera