Opera 12.18

Deleted User

Deleted User last edited by

omg, unbelievable!
https working again for most sites.

thanks to the devs that have not forgotten the old users.

A Former User

A Former User last edited by

Yes, I've been plagued with sudden shutdowns on Opera 12.17 for months.
I thought it was related to a plugin (specifically Flash) but have never been able to completely confirm that.
So far so good, not had any yet, and I'm hoping that it won't happen with 12.18.

rseiler

rseiler last edited by

Had you ever enabled TLS 1.1 and 1.2 in 12.17? That would cause random crashes for me. It's not a problem in 12.18, however.

A Former User

A Former User last edited by

I would appreciate some advice on what the recommended security protocol settings are now for 12.18.
On 12.17, I had SSL 3 deselected, and TLS 1, 1.1, and 1.2 all selected, and that's how they still are now on 12.18.
IIRC I did have one of the TLS options deselected for quite a long time, but then I found a website that wouldn't work without it.
So, what's the recommended best settings now for compatibility and security?
Any advice welcome.

rseiler

rseiler last edited by

The one important thing is SSL3 off. After that, as you say, you will still occasionally find a site that needs TLS1, so that's probably why they left it enabled. As I recall, negotiation goes from the top down, so it's not as if having all the TLS's enabled means that TLS1 would be used over TLS 1.2 if the site supported 1.2.

Even Chrome, which might be the most aggressive of the browsers in this arena, has TLS1 enabled (Firefox does too).

blackbird71

blackbird71 last edited by

The negotiation normally starts by seeking the highest-grade protocol that can be employed by the browser and site together and which supports a mutually-available encryption cipher associated or available for the protocol, all as specified in the site-cert. If one can't be agreed upon, the negotiation moves downward until it (hopefully) finds one that works. In a sense, the site server is the partner who should best understand the security requirements of the possible transactions it supports and should be the one to call off the negotiation if a suitably safe protocol and encryption cipher can't be agreed upon - whereupon the browser reports it's unable to talk securely to the site.

However, some sites' protocols and encryption requirements/certs aren't well thought through and will negotiate down to protocols whose traffic/encryption can perhaps be too readily cracked or hijacked... in which case, a knowledgeable user may elect to block (uncheck) lesser protocols within his own browser, just in case. In too many cases, 'lazy' sites will only offer a lowest-grade protocol, take it or leave it, so that a user has to accept low-grade protocols or forego the site entirely. And a complicating factor in all this is that all the TLS protocols have certain weaknesses (though fewer than the SSLs), some arguably easier to possibly exploit than others, so that one can't necessarily just argue that TLS1.2 is "safer" than TLS1.1 under all conditions.

At the end of the day, a knowledgeable user has to use whatever he finds works best for him and those secure sites he uses. Less knowledgeable users probably should just turn on whatever is available if browser compatibility with all sites is desired over technically-best traffic security.

bkazmierczak

bkazmierczak last edited by

I'm glad we were able to make some of you guys happy. Thanks for good words!

A Former User

A Former User last edited by

I'm glad we were able to make some of you guys happy. Thanks for good words!

Much appreciated. Working pretty good now

A Former User

A Former User last edited by

Yes, it is very much appreciated.
Presto Opera is still the best browser ever made in the eyes of many people, especially those who appreciated its almost total personal user customisation facilities.
The reasons for dropping it are well documented and completely understandable, but it was still a very sad day when it was seemingly abandoned for what many saw as an inferior substitute.
Thank you so much for keeping the security and compatibility issues of its die-hard users still in mind, I can't imaging the developers of say Google Chrome ever doing that!
:cheers:
With regard to the security settings, thanks for all the advice guys, it sounds as if it will be fine left as it is.
And I still haven't had any more unexplained sudden shutdowns (touches wood)!

A Former User

A Former User last edited by

Sorry, back again!
As this relates only to Opera 12.18 I didn't want to start another thread, but can anyone remember how you get rid of that extremely annoying (and now completely unnecessary IIRC) popup that says "click to activate and use this control" on plugins on later versions of Presto Opera?

I have the xa-nocta batch file and associated scripts which I always used to use to get rid of the bloody thing, but that no longer works on more recent versions. There was a hex edit solution as well IIRC, if we're allowed to mention such things!
I think there was an extension too, but I don't really want to use that as IIRC it only worked for YouTube videos.

The annoying thing is that I'm sure I did it for 12.17, but I now can't remember how as it's so long ago!
It doesn't seem to be a problem with the 64bit version of 12.18 BTW (I use both 32bit and 64bit versions on different operating systems).
Anyone any ideas to jog my memory?

sgunhouse

sgunhouse Moderator Volunteer last edited by

There was a setting presuming you aren't using Turbo…

I'm on my tablet now and can't look, but it should be in opera:config somewhere.

A Former User

A Former User last edited by

This isn't anything to do with the plug-ins only on demand setting.
It's to do with the wretched Eolas patent nonsense, which has now been struck down.
For some reason Opera never seem to have removed the code to prevent plug-ins running automatically, even though the patent hasn't applied since 2012.

rseiler

rseiler last edited by

I was thinking about that Eolas thing yesterday, but I have yet to see it happen in 12.18 x86 (testing Flash), and I couldn't recall doing it for 12.17, so I thought that somewhere along the line that Opera itself finally added the "capability." After all, that lawsuit, or whatever it was, was concluded years ago.

Can you give me an example page?

It was always a patch (at least that I recall), never an opera:config setting (that's way too easy).

All that said, I do see now that my 12.17 Opera.dll had two bytes in it changed from the original, but I have no documentation of why that is all this time later. I thought the Eolas patch (I used xa-nocta too, at least for a while) changed more than two bytes.

A Former User

A Former User last edited by

Hmm, just looked at opera's help: site http://www.opera.com/help and there is presto along with all the other products. I thought presto was long forgotten. What could be the meaning of this?

A Former User

A Former User last edited by

@rseiler
Any YouTube video shows it for me, presumably assuming that auto play isn't enabled.
Just hover the cursor on the video, and a "Click to activate and use this control" box pops up next to the cursor.
The fix did involve changing just two bytes, xa-nocta did that for you if it was a version of opera.dll that it knew about, but it hasn't worked for a long time, since the early versions of Opera 12 in fact.
There were some manual hex editing solutions around, which may well be what I used on 12.17, but the opera.dll on 12.18 seems to be completely different, with none of the hex vales matching at the same locations, so I wouldn't know where to start to find the places to make the two changes. It was just changing two 00 bytes to 01.

rseiler

rseiler last edited by

Yes, that's what my two bytes were too, so we both must have done it manually. Only problem is that my.opera.com, which is where the blog was that explained how, is gone. But as you suggest, the patterns didn't stay the same from build to build, so that probably wouldn't be much help now.

Even with Autoplay off, videos autoplay anyway, so I'm not sure what's going on with Youtube. But I went to other sites too, where videos don't autoplay (like charlierose.com), and still didn't see Click to activate. I'm a bit puzzled.

A Former User

A Former User last edited by

This is very strange!
The Flash videos on charlierose.com don't trigger the popup here, but all YouTube videos do!
I'm seeing the popup on QuickTime videos too. If you have QuickTime installed, have a look here and see if you get the popup when you hover the cursor on the video at the top of the page.

rseiler

rseiler last edited by

I do see it here:
http://www.chemgapedia.de/vsengine/help/en/flash

blackbird71

blackbird71 last edited by

I do see it here:
http://www.chemgapedia.de/vsengine/help/en/flash

Hmm. I don't get any 'click to activate' message there with a largely 'stock' 12.18 USB-on-harddrive install and Flash 20.0.0.206, though I do seem to have to click twice on the graphic's play button (>) to get the sphere-blocks to move the first time after a page reload.

rseiler

rseiler last edited by

It seems there's some other wacky variable to Eolas, but it's good that it's mostly not coming up rather than the opposite.

@davehawley, I looked at the DLL, and it follows a predictable, if not exact, pattern as compared to 12.17, so you should have success.

Search: 89 45 0c 3b d8 75 e8 8b c3 5b 5d c3 8b

You'll find that puts you in the right area, and the work to do shortly follows it.

I would change these two bytes: 6637cf and 6637e4. I don't have many sites on which to check it, but doing that at least eliminated the extra click necessary on the last site that I mentioned.