Windows XP Users: step-by-step guide to get Tequila to work again.

[Faultline]

Why?

Short version: you're running an old and insecure operating system. This will make it marginally more secure.

Windows XP shipped with Internet Explorer 6, and TLS 1.0 support (disabled by default, to boot) and it hasn't updated the root certificates in quite a while. This means that if you try to visit any website that uses HTTPS, or download a file from them, it either will not work, or it will complain about invalid certificates. Even if you don't use Internet Explorer as your web browser on Windows XP, most "embedded" browsers in the operating system are an Internet Explorer component behind the scenes. For our purposes, this means that Tequila will fail to download the game unless you install these updates.

All the files mentioned in this post can be downloaded from here: https://github.com/FaultlineHC/TLSonXP

 

Step 1: Install Internet Explorer 8

Short version: run 001 IE8-WindowsXP-x86-ENU.exe and follow the prompts to install IE8. Restart your system when done.

If you already have Internet Explorer 8, you can skip this step. Otherwise, download Internet Explorer 8 from https://download.microsoft.com/download/C/C/0/CC0BD555-33DD-411E-936B-73AC6F95AE11/IE8-WindowsXP-x86-ENU.exe or use the installer provided in the above link; it's the same file. Internet Explorer 8 is also limited to TLS 1.0, but unlike Internet Explorer 6, it can be upgraded to support TLS 1.2.

 

Step 2: Mark your system as PosReady 2009

Short version: double click 002 Enable PosReady.reg and let it merge the keys with the registry.

PosReady 2009 is the last version of Windows XP Embedded. This is needed in order to install the following updates, since Microsoft never made them available to retail versions of Windows XP. The included .reg file will change the one registry key needed; it has no effect on the system other than letting these updates install. POS stands for Point of Sale, not the other thing that you are thinking of, although that also applies to Windows XP at this point.

 

Step 3: Install Security Updates

Short version: run 003 windowsxp-kb4019276-x86-embedded-enu.exe, 004 ie8-windowsxp-kb4316682-x86-embedded-enu.exe, 005 ie8-windowsxp-kb4230450-x86-embedded-enu.exe, 006 windowsxp-kb4467770-x86-embedded-enu.exe and 007 WindowsXP-KB3055973-v3-x86-Embedded-ENU; let them finish. Restart your system afterwards.

These are the updates that add TLS 1.2 support; they can be downloaded manually from https://www.catalog.update.microsoft.com/search.aspx?q=kb4019276 https://www.catalog.update.microsoft.com/Search.aspx?q=KB4316682 https://www.catalog.update.microsoft.com/search.aspx?q=KB4230450 https://www.catalog.update.microsoft.com/Search.aspx?q=KB4467770 and https://www.microsoft.com/en-us/download/details.aspx?id=48214 or use the installers provided in the above link; they are the same files.

 

Step 4: Enable TLS Support

Short version: double click 007 Enable TLS Support.reg and let it merge the keys with the registry.

This file sets up several registry keys to enable TLS support on system components, and allows Internet Explorer 8 to display the flags to enable them. Without this, the TLS 1.1 and 1.2 options will not show up on Internet Explorer 8, even if they're installed. This file will also add some WindowsUpdate URLs for updating security certificates.

 

Step 5: Update Security Certificates

Short version: run 008 Cert_Updater_v1.6.exe and let it finish.

This will update the security certificates to the latest version and allow sites to load without root certificate errors. This file is a modification of the rootsupd.exe file from Microsoft in order to run on XP; details on how to download and create your own are here: https://msfn.org/board/topic/175170-root-certificates-and-revoked-certificates-for-windows-xp/#comment-1095349

 

Step 6: Enable TLS!

Short version: Open IE8. Go to Tools > Internet Options > Advanced. Scroll all the way to the bottom and check the boxes "Use TLS 1.1" and "Use TLS 1.2".

After doing that, you should now be able to use Tequila to download updates again, and Internet Explorer 8 will be able to load most HTTPS websites. That said, don't use Internet Explorer 8! If you must browse the web on Windows XP, you should download and install Firefox, that still supports Windows XP and provides much better security.

[Jawbreaker]

I'm having similar issues with the Homecoming launcher, will this fix that as well?

[Faultline]

1 hour ago, Jawbreaker said:

I'm having similar issues with the Homecoming launcher, will this fix that as well?

 

Maybe, however I believe @Number Six is making the Homecoming launcher use its own certificate store and crypto management, like Firefox does, in order to not rely on the Windows schannel library at all.

[Jawbreaker]

14 minutes ago, Faultline said:

 

Maybe, however I believe @Number Six is making the Homecoming launcher use its own certificate store and crypto management, like Firefox does, in order to not rely on the Windows schannel library at all.

This is the issue I'm getting

[Faultline]

That's a different issue altogether, it may really be a DNS issue or it may be a transient network glitch. If it happens to you every single time, it is worth looking at your network settings and changing your DNS servers to 1.1.1.1 and 8.8.8.8 which are public DNS servers operated by CloudFlare and Google respectively, much more reliable than most ISPs.

[ArchVileTerror]

Thanks for continuing to support XP and the players who (need to) use it.

[Jawbreaker]

3 hours ago, Faultline said:

That's a different issue altogether, it may really be a DNS issue or it may be a transient network glitch. If it happens to you every single time, it is worth looking at your network settings and changing your DNS servers to 1.1.1.1 and 8.8.8.8 which are public DNS servers operated by CloudFlare and Google respectively, much more reliable than most ISPs.

Thank you I will try that

 

[WanderingAries]

On 5/2/2021 at 2:38 PM, Faultline said:

That's a different issue altogether, it may really be a DNS issue or it may be a transient network glitch. If it happens to you every single time, it is worth looking at your network settings and changing your DNS servers to 1.1.1.1 and 8.8.8.8 which are public DNS servers operated by CloudFlare and Google respectively, much more reliable than most ISPs.

 

This made me consider looking into it in general (again), but I never really looked hard enough before to see if it was worth the tweaking as I'm not sure what negative side effects it may have. I did come across this which happens to include some testing instructions and a Nice list of DNS servers.

 

https://www.increasebroadbandspeed.co.uk/guide-best-fastest-dns-servers-ps4

[jimdays]

I've never played a computer game in my life, but starting about ten years ago, I wasn't able to download public library ebooks anymore on this XP netbook, got error message "[Adobe] Digital Editions cannot connect to the fulfillment server". Your above method completely solved the problem. No more error message, and I can download ebooks again. Thank you very much. And well written so I was able to follow the procedure. I have a question. Why does my XP netbook cut off the letters on many websites? This happens on all the browsers. I installed all the certificates in above procedure, but that didn't help. Also, why do I get security error when using google chrome going to this (homecomingservers) website? (Mypal, firefox I don't get any errors). Error:

This site can’t provide a secure connection

forums.homecomingservers.com uses an unsupported protocol.

ERR_SSL_VERSION_OR_CIPHER_MISMATCH

Edited January 3, 2022 by jimdays