Problems wit Netscape and old opera

[enigma131]

Hi, thanks for the releases.
I've setup some virtual machines on Virtualbox
Xp with Ie8 : works with webone
Xp with Ie6 : works with webone
I've setup a NT 3.1 machine.
The number of web browser working on it is limitted.
Ie 2.1 : works with webone. This version of Ie have no javascript. I've searched Ie 2.5, that is the last ie 16 bits compatible with Nt 3.1 and the first with javascript, but didn't find it ...
So i have installed :
Opera 3.61: nice browser for Http, but https with proxy gives error :

23.11.2023 13:06:15.690+5969 >CONNECT lite.duckduckgo.com:443 (192.168.1.100)
23.11.2023 13:06:15.690+17639 !SSL Handshake failed: Le client et le serveur ne peuvent pas communiquer car ils ne possèdent aucun algorithme commun. (-2146233087)

Same message for Netscape Navigator gold 3.04 and Netscape Communicator 4.07

Webone is installed on W10 up to date, with .net 6.0 installed .

Is there a setting to make Opera or Netscape work for HTTPs ?

23.11.2023 13:06:15.690+19563 <Done (connection close).

[atauenis]

Sadly, but this is current limitation of WebOne. At this moment minimum versions of browsers which will work via HTTPS are Netscape 7.2 and Opera 9.0. Some work of HTTPS (with certificate warning) also available via 128-bit versions of Netscape (like n32d408.exe, not n32e408.exe) and Opera 4.0+.

https://github.com/atauenis/webone/wiki/HTTPS-and-SSL#client-requirements

[enigma131]

Ah, I had zapped this part of readings...
I continue to search Ie 2.5 or an uprade from 2.1, strange it is woring with it as 6.0 minimum is required.
Regards.

Edit:
For Opera and ssl 3.0 settings, there is a 168 bits 3DES cypher, it diden't work, is it normal ?
I will look more with Wireshark next time.

[atauenis]

https://help.opera.com/en/operas-archived-history/ - seems, Opera 4 is first with 128-bit support. I'm not tested what really is (Opera 7.11 is working at least).

[enigma131]

Ok. Opera 4 seems not compatible with Nt3.1 but i will give a try next.
I've manage to get Ip traffic from the VM vith command:
C:\Progra~1\Oracle\VirtualBox\vboxmanage modifyvm WinNt31Sp3 --nictrace1 on --nictracefile1 file.pcap
Then rename file.pcap, here attached, pehaps you can see what hangs ?
Pcap.zip

[atauenis]

Tested it self. Really, even Opera 3.51 have 168-bit SSL3 support, so elders of the Opera Software ASA something missed in that article. Found that Opera 3.x, 4.x, 5.x are checking SSL certificate even if the root certificate is not imported. These versions of Opera don't support SHA256 signatures, and detecting the certificate as invalid. Even the error message saying this.

For the proxy server (and packet capture log) this looks like a connection drop.

Only Opera 6 and up is displaying a warning message instead of error, and works with SSL via WebOne. But Opera 6 is too new for NT 3.1. Probably, at this moment, work of HTTPS on Win3.1/NT3.1 is not possible, until found of some way to build SHA1/MD5 certificates. Only plain HTTP is working with Opera 3.62, MSIE 1.5/3.0 (2.x not tested at this moment).

[enigma131]

Msi ie 2, 2.1 are working with your proxy ;) , but javascript missing and css in early stage. For these aspects Opera 3.62 is the best, you can connect to win3x.org via http.
Opera 4+ are 32 bit PE format, incompatible with Nt 3.1, must be 16 bit or NT 3.1 special 32 bits format.
Many thanks for your help, I continue searching compatibles Browser, Netscape 3.04 and 4.x are incompatible too.
And yes, If I found a way to give a updated certificate to Opera 3.x, but seems hard coded and not found how to import one

[atauenis]

Msi ie 2, 2.1 are working with your proxy

Even with SSL? Hmm, when I've tested, none of 1.5 32bit, 2.0 16-bit, 3.0 16-bit, 3.0 32-bit worked via HTTPS. Only 4.0 32-bit and up.

And yes, If I found a way to give a updated certificate to Opera 3.x, but seems hard coded and not found how to import one

Theoretically, it's possible to specify some external application to generate certificates. The [SecureProxy] -> SslSiteCertGenerator, SslSiteCerts options are for it. NSS and OpenSSL apps have this feature. But I'm don't know which commands (or series of commands via script) are need to build a signed certificate & key. This is why at this moment I've using .NET libraries to build the certificate, which have ban for pre-SHA2 signatures. For the root certificate (which is SHA1) I've found how to bypass the limitation, but for signed certificates it's not working for unknown reason (probably, the chain-signing method for signed PEM certificates is different than for self-signed, but where - still the question, google not answered me).

[enigma131]

Yes Ie 2.0 and 2.1 works for Https, you have Ip traffic capture in my previous post:

[atauenis]

Both the screenshot and Nt31Ie21.pcap contains only plain HTTP. And Nt31Opera362.pcap contains both working plain HTTP and non-working HTTPS.

[enigma131]

The site is https , but IE 2.1 browser show http. Here an other screen :

[atauenis]

WebOne provides ability for opening all HTTPS sites over HTTP. Even NCSA Mosaic (which have no SSL support at all) successfully opening most of "HTTPS" sites. And for some semi-modern browsers (like MSIE6) it also provides support for accessing all Internet over "true" HTTPS protocol.

About Opera 3.62. Started the virtual machine again, and found the bug (strange, but yesterday it wasn't appear). It freezes at Sending request to remote host. The WebOne log and network dump looks as normal operation, so this more seems to be an Opera bug (or a strange incompatibility at TCP protocol level).

As an workaround, helps setting UseMsHttpApi=yes in [Server] of webone.conf. Why it helps - can't imagine...

With Opera 4.0, situation is opposite. Works only with UseMsHttpApi=no, and sometimes loses access to proxy until restart. Seems, all Operas had very buggy network stack.

[enigma131]

Hum something is wrong here.
If I set UseMsHttpApi=yes , I have no more communication between the VM and the proxy
The message :
WebOne HTTP Proxy Server 0.16.0
https://github.com/atauenis/webone

Using configuration file webone.conf.
Using configuration file codepage.conf.
Using event log file C:\Users\Gilles\AppData\Roaming\webone.log.
Info: [SecureProxy] options are ignored when UseMsHttpApi=1.
Configuration load complete.
The proxy is running in HTTP-only mode.
Listening for HTTP 1.x on port 8080.
And conf file:
webone.zip

[atauenis]

Try to run WebOne as Administrator, or launch netsh http add urlacl url=http://*:8080/ user=Gilles. And consider upgrade to WebOne 0.16.1, it's latest at this moment. :)

[enigma131]

Just upgraded to 0.16.1 and add netsh line under admin on W10 home host.
Change nothing.
What are your settings in Opera ? Mines :

[atauenis]

Almost same:

But none are changing HTTPS work/diswork in Opera 3/4/5. And same set is working in Opera 6+. It's Opera bug.

[enigma131]

I've put same setting as yours, but didn't work under Nt 3.1 .

What is your guest for opera 3.62 ?

[atauenis]

What is your guest for opera 3.62 ?

NT4 SP6.

[enigma131]

I've just try on Nt4, did not work for Opera 3.62, and with vboxmanage trick no paquet exchanged. This means the VM did not see webone in this mode.
So my question:
There are 4 version of Webone, x86/x64 + full/non full
I have x86 non full version installed in x64 Os, does it matter ?

[atauenis]

So my question

This does not matter, if correct .NET Runtime is installed, both working identically. Full version contains bundled support for YouTube video downloading. Non-full versions are requires to manually install FFmpeg and Yt-Dlp to play YouTube videos. They're fat and not need for other proxy's features, so non-full versions are lighter, but working with websites identical to full ones.

I've just try on Nt4, did not work for Opera 3.62, and with vboxmanage trick no paquet exchanged. This means the VM did not see webone in this mode.

Try to disable Windows Firewall, antivirus (if any)? Or another way to connect (Host-Only or Bridge).

[enigma131]

Yep, Problem is host w10 firewall, without it enabled, it works. But I cant work without it disabled.

[enigma131]

I had to add a rule in incoming trafic, to open port 8080 for all programms (webone alone don't work). Is it normal and if no what would be the best settings here ?

[atauenis]

When UseMsHttpApi is enabled, WebOne using Microsoft .NET toolkit to receive and decode HTTP requests. It's based on http.sys driver, which is running in Windows kernel, and I've not found any methods how to configure firewall other than opening the 8080 port for everyone. So this is normal (at least, best of known).

[enigma131]

Ok, glad to read you have same conclusion as my test.
So now all browser, are connecting, including Netscape. I had to increase all buffer to max to make it work.
For Opera 3.62, and only this one, i have crashes on some pages, example www.pcastuces.com
All versions of Netscape and all vesions of IE (including 2.0 to 8.0) are working well, very nice work ;)