[rescue] web proxy server w/SSL/TLS termination

John Floren john at jfloren.net
Fri Dec 21 17:34:39 CST 2018 

The page you linked is primarily concerned with providing SSL frontends to
web *services*. I recently needed the same sort of client-side thing you're
talking about when I discovered Classilla on Mac OS 9 didn't work with all
modern algorithms so some sites wouldn't load.

I don't know of any tool which will let you go over to fully HTTP-only
operation, but if your browsers support *some* level of SSL it should be
possible to get something working. "SSL inspection" is what you want, since
the idea is usually to crack SSL connections for corporate network
monitoring. You can do it with Squid, look for instructions on configuring
a Squid SSL bump. I can post my squid config when I get back from the
holidays if you need.

john

On Fri, Dec 21, 2018, 3:24 PM Jerry Kemp <sun.mail.list47 at oryx.us wrote:

> among other things, I have a personal collection in my home of old
> workstations (SGI Irix boxes and earlier Sun workstations), older
> Macs, etc.  For example, a recent acquisition was a Sun SPARCserver 1000e
> system (Sun4d), with several external drive units.  Pics
> (not mine, just example) here:
>
> <https://en.wikipedia.org/wiki/Sun4d>
>
> As most of you are aware, the web as we know it, continues to become
> increasingly encrypted, with older, commonly used protocols
> such as SSLv3 being depreciated in favor of TLS 1.2, 1.3 and beyond.
>
> I would like to be able to do some basic web surfing on these older
> boxes.  Emphasis on basic.  The reality is, its very unlikely
> that anyone will ever compile a newer browser for my old stuff, and, I
> doubt it would have the encryption/decryption horsepower to
> do so, even if modern browser software were available.
>
> What I'm looking at doing is setting up a web proxy, and, having that web
> proxy also do the SSL/TLS termination.  Ideally, this
> proxy software would run on OpenIndiana, a popular OpenSolaris fork.
>
> As expected of anyone here, making a similar request, I did do some
> homework, and it seems that there are several pieces of Unix
> open-source software that perform this function.   This is just one
> particular hit, but, sharing it as it has a nice summary list of
> software that has this capability:
>
> <https://en.wikipedia.org/wiki/TLS_termination_proxy>
>
> full disclaimer:  This is not for a business, its just for me, in my home.
> I have no intentions of doing Internet banking or
> anything else questionable.  Just want to be able to do some basic web
> surfing, download source code, etc.
>
> Specifically, I'm solely wondering if anyone here has already done
> something like this, and, if so, is there any software in
> particular you might recommend, or, recommend avoiding.   I'm basically
> just looking for software recommendations, from there, I can
> run with the compile+technicals.
>
> Thanks,
>
> Jerry
>
>
> CC::note::also cross posted to the OpenIndiana-discussion mailing list
> _______________________________________________
> rescue list - http://www.sunhelp.org/mailman/listinfo/rescue

More information about the rescue mailing list