Windows XP TLS and Cipher Suites

Windows XP TLS and Cipher Suites

Postby luminus » 11.12.2019, 23:33

Hi guys. It is my understanding that wsusoffline 9.2.6 only downloads critical updates. So I'm wondering if there is a way to force wsusoffline to download all non-critical updates for a particular version of Windows?

Also, when Windows XP (wxp) is selected on the GUI window, wsusoffline downloads critical updates for both standard Windows XP and for XP Embedded POSReady 2009. Because of this, it doesn't download update KB4019276 which is required to add TLS 1.1 and TLS 1.2 to Windows XP. This patch also updates the Cipher Suites, enabling Windows XP to have the recommended encryption capabilities. In order to install it, I just add 4019276 to StaticUpdateIds-wxp-x86.txt and place the file in "...\client\static\custom". But how can I force wsusoffline to download this update, which is non-critical but very necessary?
luminus
 
Posts: 3
Joined: 11.12.2019, 23:10

Re: Windows XP TLS and Cipher Suites

Postby Dalai » 12.12.2019, 01:50

luminus wrote:So I'm wondering if there is a way to force wsusoffline to download all non-critical updates for a particular version of Windows?

No, this is not possible - that is unless you want to add all updates, including the corresponding URLs, yourself to wsusoffline\static\custom\*.txt.

Also, when Windows XP (wxp) is selected on the GUI window, wsusoffline downloads critical updates for both standard Windows XP and for XP Embedded POSReady 2009.

Maybe. But POSReady 2009 and XP Embedded were never supported by WSUS Offline and IIRC version 9.2.6 even dropped support for downloading these updates (by excluding them). And keep in mind that XP Embedded is quite different from the regular WinXP.

But how can I force wsusoffline to download this update, which is non-critical but very necessary?

Use the correct file. You added it only to the client part of WSUS Offline (which installs updates), not the download part. You need to acquire the URL of the update yourself and add it to the corresponding file in wsusoffline\static\custom directory, probably StaticDownloadLinks-wxp-x86-<languagecode>.txt where <languagecode> is a three-letter abbreviation of the OS language (e.g. enu for en_US, esn for Spanish, ita for Italian and so on).

Regards
Dalai
Dalai
 
Posts: 1041
Joined: 12.07.2016, 21:00

Re: Windows XP TLS and Cipher Suites

Postby epguy9 » 18.03.2020, 06:35

luminus wrote:Also, when Windows XP (wxp) is selected on the GUI window, wsusoffline downloads critical updates for both standard Windows XP and for XP Embedded POSReady 2009. Because of this, it doesn't download update KB4019276 which is required to add TLS 1.1 and TLS 1.2 to Windows XP. This patch also updates the Cipher Suites, enabling Windows XP to have the recommended encryption capabilities. In order to install it, I just add 4019276 to StaticUpdateIds-wxp-x86.txt and place the file in "...\client\static\custom". But how can I force wsusoffline to download this update, which is non-critical but very necessary?


the KB4019276 update for XP embedded added partial TLS 1.1/1.2 support and some reg entries for them are not correct (so TLS 1.1/1.2 support on XP is not 100% with KB4019276).

https://msfn.org/board/topic/178092-ena ... correctly/

https://msfn.org/board/topic/171814-pos ... /page/116/
epguy9
 
Posts: 22
Joined: 12.10.2016, 16:32
Location: USA


Return to Installation / Updating

Who is online

Users browsing this forum: No registered users and 45 guests