Sought: IE 5.0 "high encryption" (128 bit) patch

Hello Lee,

Above you assume wrong versions though,
....
In my archives, Ie 5.00 came in two flavors 5.00.2014.
0216 and 5.00.2314.1000. The former calls for
IE4AXPDOM.EXE while the latter requires IE4DOM.EXE.

Yep, in that case I certainly did. With the absense of any info I simply
assumed that the rumbers in the filenames where referring to the version of
the browser. But yes, now you mentioned it I can see it might also refer
to the DOM.

IE shows me (help - Info) that I've got version 5.00.2614.3500. Although I
assume that IE4DOM.EXE will work for it I think I will follow your advice to
be cautious and double-check with the contents within.

As for installing a possible virus, I hope I have a trustworthy download
from ftp.sunet.se . It at least looks a *lot* better than the score of
"file repair" sites that ranked higher in Googles search results :-(

I've tried to check the "digital signature" (in W98se) (properties -
digital signature, double-click the single entry in the signature list (-
show certificate) ) but I've got to admit that I have no idea what it should
actually look like or how to know if its fake.

Ahhh, grasshopper - look again. Today's image is different
from yesterday's image as it's always the last few hours on a
constantly rotating basis with a new frame added every 15 minutes.

Lol. Two things:
One: I forgot that my filtering proxy "freezes" GIF images, so I only saw
the first subimage (no movement). :-\
Two: You probably ment that you did save a *link* to that image (allowing
you to retrieve the most current one). Somehow I over-thought it a bit and
assumed you ment you did save it as some kind of vector-file, allowing you
to re-create that specific image. Whoops.

But yes, thats what I would also do when the page its on is filled with all
kinds of (distracting) advertisement cr*p. Actually, I'm doing pretty-much
the same for certain sites I frequent, often using CSS to make large swats
of it "display: none;" :-)

Youtube enhancerplus being one plugin that is outstanding
for blocking all ads at that site and allowing me to save
them for watching with VLC media player anytime I want

Although I would not mind at all to look at a few of such YouTube movies
(i've heard that there are some very nice ones available), I've never felt
at ease with the way they deliver it (flash), so I never had a chance to
look at them (other than looking at someone elses screen). I would lve to
be able to download/view/store some of them in a more reguar (read: with no
active content) format.

Regards,
Rudy Wieser


-- Origional message
Lee schreef in berichtnieuws
...
Hi Rudy,
On Friday, August 28, 2015 at 2:45:02 AM UTC-6, R.Wieser wrote:
Hello Lee,

Thanks for the links. :-)

the only one I find for IE 5 is from IE 5.01 SP2 and is
called IE501DOM.EXE

I found that one too, but as my IE version is 5.00 I assume a that above
patch won't work for me. I did also find an IE5DOM.EXE though.

So, I have a choice between IE5AXPDOM and IE5DOM. Alas, as the page I
found
those on did not offer any explanation to them I have no idea which one I
should install. Or maybe both of them can, or even need to be installed.
Any idea ?


Above you assume wrong versions though, the only way to know for sure which
you need is to consult the instructions (ie.cif) for ie installation
contained within the ie5setup.exe file. Similarly named mutants may have
less than perfect pedigrees which is the main point I seem to be failing to
get across here. You can use which ever you want to, but I would only
settle for genuine MS updates verified with a security tab check on their
right click properties to double check that the package was digitally signed
by MS. This is the part that just can't be faked. Otherwise you might be
installing a virus. I just HATE it when that happens, although I have to
admit it never has, not even once. The name really isn't so important, it's
the source of who put that package together - verify that digitally signed
signature and I have no issues other than version conflicts leading to
dll/hell issues. They can be renamed to whatever as well, but ie will check
exact size and exact name when installing the proper package. This failsafe
is missing when you launch it yourself. Danger Will Robinson, danger.


Maybe you didn't know this part - using WinZip, you can see inside these
IE5DOM.EXE type of files and even extract their contents to find their
digital signatures/version info before you launch the installer package
itself. In my archives, Ie 5.00 came in two flavors 5.00.2014.0216 and
5.00.2314.1000. The former calls for IE4AXPDOM.EXE while the latter
requires IE4DOM.EXE. This information can be found in ie.cif file contained
within ie5setup.exe that will will have the version information found by
right clicking it. After installation there will be a filelist.dat file in
the installation folder that also names exactly what was installed.

Current issue is that I have zero information of ANY ie version that called
for ie5DOM.EXE file - I then have to treat it as a virus. Very likely it's
entirely valid and not a virus, it's just been renamed, but from what? End
of the day, it probably doesn't matter a great deal if you over versioned
these files anyway by installing ie501dom.exe which was used thru 5.50 SP1.
Higher versions of ie simply do not call for these files - exactly why I
haven't looked into yet as it would require a 'clean' installation of
windows itself followed by ie installation and then a search for the same
files and their source found. Or not found at all as the case may be, and
THIS may be your issue to begin with?

Here is a treat just to show you I do know what I'm talking about. Direct
from MS - ie501dom.exe

http://www.download.windowsupdate.co...tic/ie55sp1/x8
6/en/IE501DOM.EXE

It's not in the ie55sp2 folder though, but then it's also not called for
there. I didn't realize this part until today. And the exact why of it
never even attempted before either. Houston, we MAY have a problem?



While 98's mht file save is very nice, modern FF does this too
with a twist. ... where you cut the html file to is where the folder
goes as well automatically - they can not be separated

Yeah, I found that out on an XP machine where I decided that the files in
the supporting folder where not neccesary and I deleted the folder, and it
caused the HTML file (in which I just had painstakingly weeded out all the
cruft, like avatars and such) to disappear as well. :-\

Cut and pasted from a metapad text file

My apologies, but to me that looks like a run-of-the-mill image. Any
reason you're saving it as a metapad text file instead of as an image
(what
are the pro's of doing it that way) ?

Thanks for your help & regards,
Rudy Wieser

Ahhh, grasshopper - look again. Today's image is different from yesterday's
image as it's always the last few hours on a constantly rotating basis with
a new frame added every 15 minutes. It's also an animated gif and that link
has been valid for a decade at least. The advantage to doing it this way
rather than just use their website as most are apt to do, is that I don't
get a pop up showing carrot top trying to sell me life insurance nor do I
have to wait for umpteen other gifs and flash to load, all attempting to
divert my attention from the impending tornado storm perched above my
location. I need to see where it came from so I can guess as to where it
might be going and just exactly when that might happen. But mostly I need
that information right NOW without any extra trash that really used to be an
issue when I was on dialup at 19.2 speeds.

Watching Gilbert Gottfried trying to sell me Seinfeld's long handled shoe
horn is funny on the other hand and I truly loved it, but I still don't want
to see it when it's the imminent weather that is my goal. Saved as a
standard text file means I don't need a (nonexistent) web page with a link
on it to that animated gif in order to get to it. I could just copy and
paste the link into any browser window too, but double clicking is way
faster and without typos, I get there really quick like.

Thanks Bill for UnMHT addon info for FF, will be considering it as quite a
few FF addons are extremely good at what they do. Youtube enhancerplus
being one plugin that is outstanding for blocking all ads at that site and
allowing me to save them for watching with VLC media player anytime I want.
I probably could watch them in 98 too, but downloading them with 98 is
probably not very easy.

MHT file save was broken in ie for the longest time, finally by version 5.50
SP2 they had it working pretty good.

Lee,

/n:v Do not check version
https://support.microsoft.com/en-us/kb/831167
https://support.microsoft.com/en-us/kb/842607

I just tried to visit those pages, but they only gave me a "An error
occurred", "Please try your request again later" page. Any chance you can
post those switches you mentioned (I do seem to need them, as trying to
apply that IE4DOM.exe gives a "not compatible to the current system" error)
?

Regards,
Rudy Wieser

On Saturday, August 29, 2015 at 8:00:41 AM UTC-6, R.Wieser wrote:
Lee,

/n:v Do not check version
https://support.microsoft.com/en-us/kb/831167
https://support.microsoft.com/en-us/kb/842607

I just tried to visit those pages, but they only gave me a "An error
occurred", "Please try your request again later" page. Any chance you can
post those switches you mentioned (I do seem to need them, as trying to
apply that IE4DOM.exe gives a "not compatible to the current system" error)
?

Regards,
Rudy Wieser

Hi Rudy,
Try to paste them into your address bar and then modify them such that the trailing s is removed from https to be http instead. You are asking an SSL compromised system to access SSL site by having the s on there. Won't work.

MS may have or may not have a non-SSL copy of the page, so there is that aspect too.

Any chance you can provide a link to your 5.00.2614.3500 version so I can take a look at it myself? If it's on a CD, please name the CD as best you can or otherwise get me to where I can lay hands on these files, TIA. At this point we really don't know which package you need yet. The answer to that is inside ie5setup.exe. Use WinZip to open it and use notepad to look at ie.cif file, search for 128 and find the exact file you need under the [128Update] section.


From http://support.microsoft.com/en-us/kb/831167 ::


Deployment information
The packages for this update support the following Setup switches:

/q : Use Quiet mode or suppress messages when the files are being extracted.
/q:u : Use User-Quiet mode. User-Quiet mode presents some dialog boxes to the user.
/q:a Use Administrator-Quiet mode. Administrator-Quiet mode does not present any dialog boxes to the user.
/t: path Specify the location of the temporary folder that is used by Setup or the target folder for extracting files (when using /c).
/c Extract the files without installing them. If /t: path is not specified, you are prompted for a target folder.
/c: path Specify the path and the name of the Setup .inf file or the .exe file.
/r:n Never restart the computer after installation.
/r:i Prompt the user to restart the computer if a restart is required, except when this switch is used with the /q:a switch.
/r:a Always restart the computer after installation.
/r:s Restart the computer after installation without prompting the user..
/n:v Do not check version. Use this switch with caution to install the update on any version of Internet Explorer.

For example, to install the update without any user intervention and without a restart, use the following command:
q831167.exe /q:a /r:n

R.Wieser wrote:

Youtube enhancerplus being one plugin that is outstanding
for blocking all ads at that site and allowing me to save
them for watching with VLC media player anytime I want

Although I would not mind at all to look at a few of such YouTube movies
(i've heard that there are some very nice ones available), I've never felt
at ease with the way they deliver it (flash), so I never had a chance to
look at them (other than looking at someone elses screen). I would lve to
be able to download/view/store some of them in a more reguar (read: with no
active content) format.

Perhaps my last post in the topic "Is there any browser for Win98 that can
save Youtube Videos?" might be helpful?

--
__ __
#_ |\| | _#

Hi Rudy,

Never mind:
https://support.microsoft.com/en-us/kb/969393 Information about Internet Explorer versions

Shows me that you are dealing with ie as installed when 98se is and I already have that source from which to work with. Here is what I found.

You indeed have the export version of encryption (low bit count) which includes these files:

From Layout.inf and layout2.inf file in your INF folder -

enhsig.dll=29,,16384
rsabase.dll=40,,94480
schannel.dll=40,,163840

First number is the CAB number from which they came:
WIN98_29.CAB
WIN98_40.CAB

WinZip can extract these files for you too - I use WinZip 8.0 since it's a bit simpler than higher versions are apt to be.

Second number in the above list from layout.inf series of files is the size of the file which isn't so important. What is important is their versions:

enhsig.dll 5.0.1877.3
rsabase.dll 5.0.1877.3
schannel.dll 4.84.1901.1877

Here are the versions contained within the above linked to IE501DOM.EXE file:

enhsig.dll 5.0.1877.3
rsaenh.dll 5.0.1877.8
schannel.dll 4.87.1959.1877

As you can tell there is not much difference so I'm still thinking it would be alright if you downloaded IE501DOM.EXE from the above link and applied it. Rsaenh.dll is the 128 bit version of rsabase.dll and does the same job except at 128 bit capabilities. Both of these files contain DLL_register functions and will need to be registered after installation which the IE501DOM.EXE file does for you automatically and silently. But there is a delayed installation clause within that inf file guiding the update so you may need to reboot and just to be sure reboot twice before thinking - 'well, that didn't work !!'.

But to register such files manually one opens the Run Box and places a line in it such as this:
regsvr32 rsaenh.dll

If it's successful, you will see a box suggesting that the dll was successfully registered or an error if not found, etc. All these files will be found in the Windows\System folder and/or should be placed there if manually reverting to original files. You only need to register this one file, the others don't have the need or capability, in such a case the regsvr32 function will report that it couldn't find the entry point to do the desired registering with. No harm has been done in any event.

Thanks Nerd Kev for the suggestion, but I'm quite happy to keep 98 off the net entirely because XP with FF has so very many more advantages that don't require kernel32 mods and flipping backwards landing on my feet either. If it was easy, everybody would be doing it - to me it's not easy enough. Thanks again though.

Hello Lee,

Try to paste them into your address bar and then
modify them such that the trailing s is removed from
https to be http instead.

MS does not want to play nice here, I instantly get redirected to a HTTPS
connection (why ? I do not have the foggiest. Its just *info* for gods
sake).

You are asking an SSL compromised system to access
SSL site by having the s on there. Won't work.

:-) The "error message" was just a page generated by MS and than send back
to my browser. In other words, the HTTPS connection itself worked. Nope,
I got the feeling MS has again changed something at their side (maybe even
something as simple as a brower-check and seeing I'm (still) using "a now
fully obsolete OS").

If it's on a CD, please name the CD as best you can

As far as I can remember its straight off of a Win 98se installation CD.
Language: Dutch. Timestamp of the Setup.exe program: May 5 1999, 22:22.00.

I did search for that IE5setup.exe program on my harddrive and that
installation CD, but could not find it (in the latter case most likely its
someowhere in one of those .CAB files).

The packages for this update support the following Setup
switches:
....
/n:v Do not check version. Use this switch with caution
to install the update on any version of Internet Explorer.

Thanks.

It jogged my mind though: If all those update packages check for the correct
environment before even attempting to install I could just try to start a
bunch of them and see which one sticks. Or am I than trusting MS too much ?

========================
-- Responding to the second message:

What is important is their versions:
....
schannel.dll 4.84.1901.1877

In my case the currently installed schannel file has got a version number of
5.00.1877.4 (export version). Which is a bit larger than th IE4DOM or any
of the IE5xxx versions. I'm rather unsure if replacing it with a version of
a lower level would be a good idea ... :-\

On the other hand, what choice(s) do I have ? I think I will go for that
IE501DOM first, and if it does not "stick" try the IE5DOM one.

And by th way, I'm going to try that on a test machine. If it toppels over
I might even ditch the whole thing. :-)

But there is a delayed installation clause within that inf file guiding
the update so you may need to reboot and just to be sure reboot
twice before thinking - 'well, that didn't work !!'.

Thanks for the warning, as that certainly would have thrown me off.

========================
-- Responding to the third message:

But sometimes they are the only source for DOS files that
turned out to be genuinely the DOS file I was looking for.

True. I've had one time I resorted to downloading the same file from
different such sites, comparing them against each other. After three "no
difference" tests I took the file to be genuine.

A strong HOST file protects me from a lot of ads and very bad sites

That, and the filtering proxy I have which does a few things more, as well
as not allowing random active content on my 'puter has taken care of viri
for the last decade+ for me.

The actual last one I got was the "happy 99" "virus". My recognision of the
attachments name came a split-second too late for me to tell my index-finger
*not* to click on the attachment. :-\ :-)

FF does use IE's HOST file BTW

As long as FF uses the standard OS way to resolve its adresses it will (I've
got one program (not a browser) which uses its own, to time-out long before
a normal resolve-request does).

The youtube enhancer plus I refer to above will save them
as .mp4 or webm at your choice

The problem of most of those is that they are mostly after-the-fact (of
having download them using flash) enhancements. In other words: they won't
work if you do not (want to) have flash installed. :-\

Thanks for all the offered help. :-)

Regards,
Rudy Wieser

R.Wieser wrote:


MS does not want to play nice here, I instantly get redirected to a HTTPS
connection (why ? I do not have the foggiest. Its just *info* for gods
sake).

There have been a lot of advancements in SSL/TLS front since
Win98. All of the activity, means the web is gradually moving
to https for even unimportant things, and with the web sites
also requesting TLS, you've magically got no working
communications channel.

Qualys SSL Labs - Projects / SSL Client Test

https://www.ssllabs.com/ssltest/viewMyClient.html

What is happening with SSL/TLS, is to protect against
certain client vulnerabilities, the web sites are
preventing "fallback" to SSL. Your client might
support SSL3, but the web site may use some flavor of
TLS as a minimum. On some sites, they seem to support
the older protocol, but change the key maybe once a minute,
your client has the first key cached or something, and then
your connection "breaks" from the one minute mark onwards.
Until you clear the cache and try again.

It's just a world of broken-ness.

Paul

Hi Rudy,
On Sunday, August 30, 2015 at 5:40:45 AM UTC-6, R.Wieser wrote:
Hello Lee,

MS does not want to play nice here, I instantly get redirected to a HTTPS
connection (why ? I do not have the foggiest. Its just *info* for gods
sake).


New behavior to me, but I don't have your setup either - I wouldn't know a proxy if it ran up and bit me in the hindquarters. I get the same page for either link used. I mistakenly assumed you could see one of them at least and of course I'm even more baffled and clueless than you are.



I did search for that IE5setup.exe program on my harddrive and that
installation CD, but could not find it (in the latter case most likely its
someowhere in one of those .CAB files).


No, you won't ever find it because it's not there as this was a truly integrated IE installation done with Windows. My advice above is for stand alone installation packages of IE only and they didn't make 5.00.2614.3500 as a stand alone version, the beast simply does not exist in that form. The only way you can have it is to install 98se. And this version only came with 40 bit export level encryption.

Every file that is in those .CAB files is listed in the layout.inf series of text files in your INF folder - just a reminder. This is the purpose of the layout files too.


It jogged my mind though: If all those update packages check for the correct
environment before even attempting to install I could just try to start a
bunch of them and see which one sticks. Or am I than trusting MS too much ?


You can trust this function to a great extent in fact. But you've already run into one of the downsides... read further

========================
-- Responding to the second message:

What is important is their versions:
...
schannel.dll 4.84.1901.1877

In my case the currently installed schannel file has got a version number of
5.00.1877.4 (export version). Which is a bit larger than th IE4DOM or any
of the IE5xxx versions. I'm rather unsure if replacing it with a version of
a lower level would be a good idea ... :-\


Well, higher version doesn't really mean 'better', it's just a number after all. We are supposed to use that number to make judgement decisions with, that's it's actual purpose.

Here is the deal breaker though - (export version) literally means it's 40 bit encryption and you need 128 bit encryption so this schannel.dll file will never work right for you - it simply has to go for that reason alone even if it is a higher version file. Personally, I would try to delete it manually or with brain in gear this time around, cut it to one of your personal folders for safe keeping. If Windows does not allow you to do this because it's in use, then you'll have to run IE501DOM.EXE /n:v in the Run Box and then reboot to allow Wininit to overwrite the file while still in DOS mode during the next boot up. Which is how these updates replace files that currently are in use quite often - it's an automatic function built into the update package. You'll probably have to add a path statement to the Run Box text to tell Windows where to find the IE501DOM.EXE file too.

Not that it matters much, but inside the IE501DOM.EXE file, the schannel.dll file is actually named sch128c.dll so as to remind the package makers that this is the 128 bit version. Only during the file copy process does the update rename it to be schannel.dll. This commonly isn't done but this isn't a common update either.

I've just noticed something rather odd though, the original schannel.dll file has a version box number of 4.84.1901.1877 but if you click thru the 'Other version information' section down lower, you get a file version there of 5.00.1877.4 just as you report above. For these discussions, one should always go by the version box number which is less in this case because the file was made on an NT machine. This is why you will also see Microsoft(R) Windows NT(R) Operating System in some of the texts in the 'Other version information' section. This is secondary data that originates from the parent machine where the file was created then and not so important. Certainly not as important as the file version box number which is always highlighted just after you click on the version tab. Only this number is the official version number. Maybe you are just looking at the wrong version number? Let's make it more confusing and use three version numbers? With this brilliant idea, I'll get hired by MicroSoft for sure now if they are reading this, right?


The problem of most of those is that they are mostly after-the-fact (of
having download them using flash) enhancements. In other words: they won't
work if you do not (want to) have flash installed. :-\

Thanks for all the offered help. :-)

Regards,
Rudy Wieser

True enough, you can't use youtube enhancer plus without first installing Flash. Flash is going to die soon enough on it's own, the end is nigh as they say. To be replaced by another monster even worse, no doubt. I'm making hay while the sun shines and I stock pile them where the future is uncertain about that aspect.

Paul brings up some scary thoughts. Soon enough 128 bit won't be enough to get your email with, we'll have to carry those extra bits around with us in five gallon buckets just to get our pay checks cashed at the bank.

"R.Wieser" wrote:

https://support.microsoft.com/en-us/kb/831167
https://support.microsoft.com/en-us/kb/842607

I just tried to visit those pages, but they only gave me a "An error
occurred", "Please try your request again later" page.

When browsing anything.microsoft.com I've found that Firefox 2.0.0.20
(the default browser I use on my win-98 systems) renders very little of
those pages.

On the other hand, Opera 12.02 works very well.

Any chance you can post those switches you mentioned (I do seem to
need them, as trying to apply that IE4DOM.exe gives a "not compatible
to the current system" error)

The following is a copy of support.microsoft.com/en-us/kb/831167

====================================
You cannot log on to a Web site or complete an Internet transaction, or
you receive an HTTP 500 (Internal Server Error) Web page

Symptoms

You may not be able to log on to a Web site or complete an Internet
transaction after you install the 832894 (MS04-004) security update. For
example, when you submit your user name and password to an SSL-secured
Web site by using a form on a HTTPS Web page, you may receive an HTTP
500 (Internal Server Error) Web page.

Cause

This problem may occur after you apply the 832894 security update
(MS04-004) or the 821814 hotfix on a computer that runs Microsoft
Windows XP, Windows 2000, Windows NT 4.0, Windows Millennium Edition, or
Windows 98.

For additional information about these software updates, click the
following article number to view the article in the Microsoft Knowledge
Base:

832894 MS04-004: Cumulative security update for Internet Explorer
https://support.microsoft.com/en-us/kb/832894

821814 You receive a "page cannot be displayed" error message when you
post to a site that requires authentication
https://support.microsoft.com/en-us/kb/821814

The 832894 security update (MS04-004) and the 821814 hotfix change how
the Internet extensions for Windows (Wininet.dll) retries POST requests
when a Web server resets the connection. Programs that use Windows
Internet (Wininet) application programming interface (API) functions to
post data (such as a user name or a password) to a Web server retry the
POST request without including the POST data if the Web server closes
(or resets) the initial connection request.

Note A POST request does not include POST data if its content length is
set to 0 or is empty.

Sometimes, this behavior prevents another reset and permits
authentication to complete. However, you may receive an HTTP 500
(Internal server error) Web page if the Web server must have the POST
data included when Wininet retries the POST request.

Resolution

Update information

To download and to install this update, visit the Microsoft Windows
Update Web site, and then install critical update 831167:

http://update.microsoft.com

Administrators can download this update from the Microsoft Download
Center or from the Microsoft Windows Update Catalog to deploy to
multiple computers. If you want to install this update later on one or
more computers, search for this article ID number by using the Advanced
Search Options feature in the Windows Update Catalog.

For more information about how to download updates from the Windows
Update Catalog, click the following article number to view the article
in the Microsoft Knowledge Base:

323166 How to download updates that include drivers and hotfixes from
the Windows Update Catalog
https://support.microsoft.com/en-us/kb/323166

The following files are available for download from the Microsoft
Download Center:

Download the Q831167.exe (32-bit) package now.

http://www.microsoft.com/downloads/d...displaylang=en
Moved to he
http://www.microsoft.com/en-us/downl....aspx?id=18786

Direct Download:

http://download.microsoft.com/downlo...b7/Q831167.exe

Download the Q831167.exe (64-bit) package now.

http://www.microsoft.com/downloads/d...displaylang=en

Release Date: February 12, 2004

For additional information about how to download Microsoft Support
files, click the following article number to view the article in the
Microsoft Knowledge Base:
119591 How to Obtain Microsoft Support Files from Online Services

https://support.microsoft.com/en-us/kb/119591

Prerequisites

To install this update, you must be running Internet Explorer 6 SP1
(version 6.00.2800.1106) on one of the following versions of Windows:

Microsoft Windows XP Service Pack 1
Microsoft Windows XP 64-Bit Edition, Service Pack 1
Microsoft Windows XP
Microsoft Windows 2000 Service Pack 2, Service Pack 3, Service Pack 4
Microsoft Windows NT Workstation, Server, and Terminal Server Edition
4.0 Service Pack 6a
Microsoft Windows 98
Microsoft Windows 98 Second Edition
Microsoft Windows Millennium Edition

Note Because the 832894 (MS04-004) security update supports Windows 98,
Windows 98 Second Edition, Windows Millennium Edition, and Windows 2000
SP2, this update will be also be supported on those operating systems.

Restart requirement

You must restart your computer after you apply this update.

Update replacement information

This update replaces 821814 for Windows XP, Windows 2000, Windows NT
4.0, Windows Millennium Edition, Windows 98 Second Edition, and Windows
98.

Note This update does not replace 821814 for Windows Server 2003 because
the problem that is described in this article does not occur on Windows
Server 2003-based computers.
Deployment information

The packages for this update support the following Setup switches:

/q : Use Quiet mode or suppress messages when the files are being
extracted.
/q:u : Use User-Quiet mode. User-Quiet mode presents some dialog boxes
to the user.
/q:a Use Administrator-Quiet mode. Administrator-Quiet mode does not
present any dialog boxes to the user.

/t: path Specify the location of the temporary folder that is used by
Setup or the target folder for extracting files (when using /c).
/c Extract the files without installing them. If /t: path is not
specified, you are prompted for a target folder.
/c: path Specify the path and the name of the Setup .inf file or the
..exe file.
/r:n Never restart the computer after installation.
/r:i Prompt the user to restart the computer if a restart is required,
except when this switch is used with the /q:a switch.
/r:a Always restart the computer after installation.
/r:s Restart the computer after installation without prompting the user.
/n:v Do not check version. Use this switch with caution to install the
update on any version of Internet Explorer.

For example, to install the update without any user intervention and
without a restart, use the following command:

q831167.exe /q:a /r:n

File information

The English version of this update has the file attributes (or later)
that are listed in the following table. The dates and times for these
files are listed in coordinated universal time (UTC). When you view the
file information, it is converted to local time. To find the difference
between UTC and local time, use the Time Zone tab in the Date and Time
tool in Control Panel.

Date Time Version Size File name Platform
-------------------------------------------------------------------
06-Feb-2004 18:05 6.0.2800.1405 588,288 Wininet.dll
07-Feb-2004 01:41 6.0.2800.1405 1,796,608 Wininet.dll IA-64

Workaround

If you cannot apply the update that is discussed in the Resolution
section, you can use one of the following server-side actions to work
around the problem:

Increase the HTTP keep-alive timeout interval on the Web server or the
proxy server. There is no setting in Microsoft Internet Information
Services (IIS) to control the keep-alive timeout other than the Windows
registry KeepAliveTime value. But with some Web servers and some proxy
servers, you can specify a connection expiration time. If you can
specify a connection expiration time in the Web server or the proxy
server, increase the keep-alive timeout interval. See your Web server
documentation for the correct setting name and value. The default
keep-alive timeout value for Internet Explorer is one minute (60
seconds). Therefore, you must use an HTTP keep-alive timeout interval on
the Web server or the proxy server that is greater than one minute.

For additional information about the Windows KeepAliveInterval
parameter, the Windows KeepAliveTime parameter, and the Internet
Explorer KeepAliveTimeout parameter, click the following article numbers
to view the articles in the Microsoft Knowledge Base:

314053 TCP/IP and NBT configuration parameters for Windows XP
120642 TCP/IP and NBT configuration parameters for Windows 2000 or
Windows NT

813827 How to change the default keep-alive time-out value in Internet
Explorer
https://support.microsoft.com/en-us/kb/813827

Disable the HTTP "keep alive connections" on the server. For additional
information, click the following article number to view the article in
the Microsoft Knowledge Base:

238210 HTTP keep-alive header sent whenever ASP buffering is enabled
https://support.microsoft.com/en-us/kb/238210

Status

Microsoft has confirmed that this is a problem in Microsoft Internet
Explorer 6.

More information

Important This section, method, or task contains steps that tell you how
to modify the registry. However, serious problems might occur if you
modify the registry incorrectly. Therefore, make sure that you follow
these steps carefully. For added protection, back up the registry before
you modify it. Then, you can restore the registry if a problem occurs.
For more information about how to back up and restore the registry,
click the following article number to view the article in the Microsoft
Knowledge Base:

322756 How to back up and restore the registry in Windows

After you apply the 831167 software update that is described in this
article, programs that use Wininet functions to post data to a Web
server will resend complete POST requests when a connection with a Web
server is reset.

To enable header-only post behavior, create a DWORD value named
SampleApp.exe, where SampleApp is the name of the executable file that
runs the program. Set the DWORD value's value data to 1 in one of the
following registry keys:

For all users of the program, set the value in the following registry
key:

HKEY_LOCAL_MACHINE\Software\Microsoft\Internet
Explorer\Main\FeatureControl\Retry_HeaderOnlyPOST_ OnConnectionReset
For the current user of the program only, set the value in the following
registry key:

HKEY_CURRENT_USER\Software\Microsoft\Internet
Explorer\Main\FeatureControl\Retry_HeaderOnlyPOST_ OnConnectionReset

For example, to enable header-only post behavior in Internet Explorer
and in Windows Explorer, create DWORD values for Iexplore.exe and for
Explorer.exe in one of these registry keys, and then set their value
data to 1.
=========================

Paul,

All of the activity, means the web is gradually moving
to https for even unimportant things

So I noticed. Even worse: Plain HTML pages which than "need to"
retrievesome informational (mostly not important at all) images by HTTPS.
:-\

It's just a world of broken-ness.

Yup. Even more so as I cannot seem to find any way to determine what my
browsers (IE as well as FF) are supporting*, nor what certain websites
require. It depends on the luck of the draw. For example, I can get an
HTTPS connection to Google and MS, but my ISP refuses the same. :-(

*Thanks for that ssllabs link, but without JS (which I keep disabled) it
cannot even seem to display my current connection encryption ...

Regards,
Rudy Wieser


-- Origional message:
Paul schreef in berichtnieuws
...
R.Wieser wrote:


MS does not want to play nice here, I instantly get redirected to a
HTTPS
connection (why ? I do not have the foggiest. Its just *info* for gods
sake).

There have been a lot of advancements in SSL/TLS front since
Win98. All of the activity, means the web is gradually moving
to https for even unimportant things, and with the web sites
also requesting TLS, you've magically got no working
communications channel.

Qualys SSL Labs - Projects / SSL Client Test

https://www.ssllabs.com/ssltest/viewMyClient.html

What is happening with SSL/TLS, is to protect against
certain client vulnerabilities, the web sites are
preventing "fallback" to SSL. Your client might
support SSL3, but the web site may use some flavor of
TLS as a minimum. On some sites, they seem to support
the older protocol, but change the key maybe once a minute,
your client has the first key cached or something, and then
your connection "breaks" from the one minute mark onwards.
Until you clear the cache and try again.

It's just a world of broken-ness.

Paul