Opera 12.17 and security protocol handling

  • Opera 12 provides TLS 1.0, 1.1 and 1.2 protocols but cannot save the two later versions for more than a very few days, after which only TLS 1.0 is available. TLS 1.1 and 1.2 can be restored to use by updating the security settings, for a while. The Qualys SSL Labs client test confirms that TLS 1.2 does work when Opera 12 is not suffering from amnesia.

    Why do I still use Opera 12? Opera made too good a job of Opera 12 and making it so feature rich.

  • Disable Opera's updatechecks (and never check by hand! with menu Help) and Opera 12 will stay TLS with v1.1 and v1.2. The update check forces TLSv1.0-only. Ask Opera ASA why they force such a insecure behaviour.

  • Disable Opera's updatechecks (and never check by hand! with menu Help) and Opera 12 will stay TLS with v1.1 and v1.2. The update check forces TLSv1.0-only. Ask Opera ASA why they force such a insecure behaviour.

    I'm not Opera, but I recall that a number of users in old forum threads had crashes with various websites if TLS 1.2, 1.1, and 1.0 were all enabled and SSL3 disabled in Olde Opera. So Opera probably elected to avoid all that by simply periodically forcing the browser to disable all but TLS1.0 protocol choices via browser background updating processes (there are a couple of these built-in besides just the more visible version updating). My guess is that some kind of conflict in the browser protocol/encryption negotiations or implementations with certain site servers can occur in Olde Opera. In past years when SSL3 was widely employed by many sites, browser-site problems with other protocols were likely masked by such usage. Now, as the other protocols are forced to become more widely used because of the SSL3 insecurity deprecation, those problems are more evident.

    I've been running Opera 12.14 for some time now with all three TLS protocols enabled (and updating blocked) and have yet to run into the crashing issue... but then again, I no longer use Olde Opera nearly as much as I used to. A growing incompatibility with websites, and especially an increase in https unsuccessful-connection issues, is starting to finally envelope Olde Opera and degrade its reliable day-to-day usage.

  • Thank you both for taking the trouble to provide that explanation.

  • I'm no longer current on the crashing issue that Blackbird describes, since I was annoyed enough by it back then to ever try experimenting with those settings again (it sounds like Opera has since changed what they're pushing out), but I'm curious Blackbird, what browser do you use now more than Opera 12?

  • I have checked out the client test provided by Qualys SSL Labs at https://www.ssllabs.com/projects/index.html and find that Opera 12.17 is declared to have good protocol support and that the user agent is apparently not vulnerable to POODLE or FREAK.

    I no longer use Opera where secure privacy of data is necessary, e.g. online financial transactions but I am happy to continue its use for general web browsing. I have only found one site where Opera 12.17 outright won't work. It is The Guardian newspaper: https;//www.theguardian.com/uk

    If a site doesn't work, I give it a miss.

  • Drat! There's no edit feature. The Guardian URL has a typo.

  • ... I'm curious Blackbird, what browser do you use now more than Opera 12?

    It's shared between Vivaldi (which I've been trialing) and Firefox (default). I use Olde Opera now mainly to cross-check operation at sites that fail or work oddly on my other browsers, of which there are around 7 installed.

  • @hake, maybe it's a regional thing, but I don't have any problem with that site in 12.17. Maybe right-click the page, edit site prefs, and clear the cookies? I'm not even using any masking. Maybe things go wrong when you login (I don't have an account)?

    @blackbird, yes, I'm keeping an eye on Vivaldi too, though I think it's months away at least, so I'm continuing on with 12.17 for now since it's heavily customized and it would require a towering pile of extensions to create the equivalent in Firefox, which I also tend to keep open and use as a second browser for things that I know don't fly any longer in Ye Olde. (If I do switch to a Mozilla browser though, it'll likely be Cyberfox, a nice 64-bit superset of Firefox with fantastic user support.)

  • ...
    @blackbird, yes, I'm keeping an eye on Vivaldi too, though I think it's months away at least, so I'm continuing on with 12.17 for now since it's heavily customized and it would require a towering pile of extensions to create the equivalent in Firefox, which I also tend to keep open and use as a second browser for things that I know don't fly any longer in Ye Olde. ...

    It's taken me 11 extensions to get Firefox to look and behave roughly like I had Olde Opera set up (toolbars, bookmarking, etc, etc) - sigh! Vivaldi's second or third TechPreview#1 update did nearly all of that right out of the box with no extensions. It's still a work in progress, so I've kept it at the stand-alone install level thus far, just in case.

  • Opera 12.17 routinely loses TLS 1.1 and 1.2 even though update checking is now suppressed. The rationale behind such behaviour is bizarre. Was the person responsible for this behaviour under the influence of intoxicating substances? It really defies logic to default to the least recent security handling protocol.

    Why can't Opera correct this? It is objectionable to override a user's elected choice and mine is to enable all the TLS versions, permanently.

  • The Qualys SSL Labs client test says of Opera 12.17:-

    "Your user agent doesn't support TLS 1.2. You should upgrade.
    The protocols supported by your user agent are old and have known vulnerabilities. You should upgrade as soon as possible. The latest versions of Chrome, Firefox, and IE are all good choices. If you can't upgrade IE to version 11, we recommend that you try Chrome or Firefox on your platform."

    Why doesn't Opera correct this? There can be no justification for deliberately disabling TLS 1.1 and TLS 1.2 WITHOUT INFORMING THE USER.

  • Opera is pretty much useless now , no security protocols to handle any new sites update...just a big waste of time .
    No more menus , they are trying to kill opera and are doing a great job

Log in to reply
 

Looks like your connection to Opera forums was lost, please wait while we try to reconnect.