The TLS apocalypse knocked a lot of our fun old machines off the Web despite most of them having enough horsepower for basic crypto because none of the browsers they run support modern protocols. Even for Mac OS X, the earliest version you can effectively use for Web browsing is 10.4 because no earlier version has a browser that natively supports TLS 1.2, and for most other old Un*ces and the like you can simply forget it.

To date, other than the safe haven of Gopherspace, people trying to solve this problem have generally done so in two ways:

- A second system that does the TLS access for them, subsuming the access as part of a special URL. As a bonus some of these also render the page and send it back as a clickable image; probably the best known is Web Rendering Proxy which works on pretty much any browser that can manage basic forms and imagemaps. Despite the name, however, it is accessed as a special web server rather than as an HTTP proxy, so links and pages also have to be rewritten to preserve the illusion.
- A second system that man-in-the-middles a connection using its own certificate authority; the request is then upgraded. Squid offers this feature, and can act either transparently or as an explicit HTTP proxy. Modern browsers defeat this with certificate pinning, but these browsers wouldn't have that, though you do need to add the proxy as a CA root. The man-in-the-middle step is needed because most old browsers that are SSL or TLS aware don't want the proxy messing with the connection (it's supposed to be secure, dammit), so they open up a raw socket with CONNECT to the desired site such that all the proxy should do is merely move data back and forth.

I imagine it is eminently possible on today's fast systems that an SSLv2 or SSLv3 connection's symmetric key could be broken by brute force by a transparent proxy and used to decrypt the stream, then re-encrypt it to modern standards and pass it on, though I couldn't find a public package obviously like that. (If you know of one, post it in the comments.)

There is a third alternative, however: configure the browser to send unencrypted HTTPS requests to an HTTP proxy. Most browsers don't do this because it's obviously insecure, and none do it out of the box, but some can be taught to. What you want is a browser that doesn't speak HTTPS itself but allows you to define an "arbitrary protocol" (with "finger quotes") to use an HTTP proxy for, and come up with an HTTP proxy on the back end that can accept these requests. Such browsers exist and are even well-known; we will look at a few.

But let's do one better: all these approaches above need a second system.
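
The third alternative above, sketched as an added example (not code from the original post): a proxy-side parser that tells apart the CONNECT tunnel, ordinary proxied HTTP, and an `https://` URL sent in the clear, and rewrites the last one for a verified TLS connection upstream. The function names, dictionary keys and sample request lines are assumptions made for illustration.

```python
import socket
import ssl
from urllib.parse import urlsplit

# Constructed sample request lines, as a proxy would receive them from a browser.
SAMPLES = [
    "CONNECT www.example.com:443 HTTP/1.0",        # TLS-aware old browser
    "GET http://www.example.com/ HTTP/1.0",        # ordinary proxied HTTP
    "GET https://www.example.com/a?b=1 HTTP/1.0",  # https URL sent in the clear
]

def plan(request_line):
    """Classify one proxy request line and describe the upstream connection."""
    method, target, version = request_line.strip().split(" ", 2)
    if method.upper() == "CONNECT":
        host, _, port = target.rpartition(":")
        # Raw tunnel: the browser's own SSL/TLS runs end to end, so the proxy
        # can only relay bytes unless it man-in-the-middles the session.
        return {"mode": "tunnel", "host": host, "port": int(port),
                "upstream_tls": False, "client_leg_plaintext": False}
    url = urlsplit(target)
    if url.scheme not in ("http", "https") or not url.hostname:
        raise ValueError("not an absolute-form proxy request: %r" % target)
    tls = url.scheme == "https"
    path = (url.path or "/") + ("?" + url.query if url.query else "")
    host_header = url.hostname + (":%d" % url.port if url.port else "")
    return {"mode": "upgrade" if tls else "plain", "host": url.hostname,
            "port": url.port or (443 if tls else 80), "upstream_tls": tls,
            "client_leg_plaintext": True,  # URL, headers, cookies visible on this hop
            "origin_request": "%s %s %s\r\nHost: %s\r\nConnection: close\r\n\r\n"
                              % (method, path, version, host_header)}

def forward(p, timeout=10):
    """Send the rewritten request upstream, over verified TLS when planned."""
    if p["mode"] == "tunnel":
        raise ValueError("CONNECT tunnels are relayed, not rewritten")
    sock = socket.create_connection((p["host"], p["port"]), timeout=timeout)
    if p["upstream_tls"]:
        ctx = ssl.create_default_context()  # checks certificate chain and hostname
        sock = ctx.wrap_socket(sock, server_hostname=p["host"])
    with sock:
        sock.sendall(p["origin_request"].encode("latin-1"))
        return b"".join(iter(lambda: sock.recv(65536), b""))

if __name__ == "__main__":
    for line in SAMPLES:  # offline: classify only, no network traffic
        print(line, "->", plan(line))
```

In the upgrade case `client_leg_plaintext` is true, so a proxy built this way belongs on loopback or a trusted LAN segment, and certificate validation happens only on the proxy's side.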