Windows XP lacked any modern cipher support in his heyday. With the POSReady 2009 trick you can get AES 256-Bit, TLS 1.2 support. I will show how to get them. First make sure you have the POSReady trick so you would be able to install them, next download the following updates in order:
AES 256-Bit support(KB3081320)
Update for WES09 and POSReady 2009(KB4019276)
Cumulative Update for Internet Explorer 8(KB4316682)
Update for WinHTTP to add TLS 1.2 support(KB4467770)
Install them all in order, then apply the registry file to enable TLS 1.2 and reboot. Now you can check at the Internet Options and you will see TLS 1.2 and TLS 1.1 in the list.

And Internet Explorer 8 will show that the cipher strength is now 256-Bit.

And howsmyssl.com reports that we do indeed have TLS 1.2 support and no insecure ciphers and we’re no longer vulnerable to the BEAST Vulnerability that affected TLS 1.0.


This doesn’t fully fix the issue with Chromium browsers that use XP’s schannel.dll because SNI or ECC support is not available on XP and you can get ERR_SSL_VERSION_OR_CIPHER_MISMATCH sometimes.