[rescue] web proxy server w/SSL/TLS termination

Jerry Kemp sun.mail.list47 at oryx.us
Fri Dec 21 17:35:51 CST 2018 

thanks John





-------- Original Message --------
From: John Floren
Sent: Fri, Dec 21, 2018 5:34 PM CST
To: The Rescue List
Subject: [rescue] web proxy server w/SSL/TLS termination

The page you linked is primarily concerned with providing SSL frontends to
web *services*. I recently needed the same sort of client-side thing you're
talking about when I discovered Classilla on Mac OS 9 didn't work with all
modern algorithms so some sites wouldn't load.

I don't know of any tool which will let you go over to fully HTTP-only
operation, but if your browsers support *some* level of SSL it should be
possible to get something working. "SSL inspection" is what you want, since
the idea is usually to crack SSL connections for corporate network
monitoring. You can do it with Squid, look for instructions on configuring
a Squid SSL bump. I can post my squid config when I get back from the
holidays if you need.

john

On Fri, Dec 21, 2018, 3:24 PM Jerry Kemp <sun.mail.list47 at oryx.us wrote:

among other things, I have a personal collection in my home of old
workstations (SGI Irix boxes and earlier Sun workstations), older
Macs, etc.  For example, a recent acquisition was a Sun SPARCserver 1000e
system (Sun4d), with several external drive units.  Pics
(not mine, just example) here:

<https://en.wikipedia.org/wiki/Sun4d>

As most of you are aware, the web as we know it, continues to become
increasingly encrypted, with older, commonly used protocols
such as SSLv3 being depreciated in favor of TLS 1.2, 1.3 and beyond.

I would like to be able to do some basic web surfing on these older
boxes.  Emphasis on basic.  The reality is, its very unlikely
that anyone will ever compile a newer browser for my old stuff, and, I
doubt it would have the encryption/decryption horsepower to
do so, even if modern browser software were available.

What I'm looking at doing is setting up a web proxy, and, having that web
proxy also do the SSL/TLS termination.  Ideally, this
proxy software would run on OpenIndiana, a popular OpenSolaris fork.

As expected of anyone here, making a similar request, I did do some
homework, and it seems that there are several pieces of Unix
open-source software that perform this function.   This is just one
particular hit, but, sharing it as it has a nice summary list of
software that has this capability:

<https://en.wikipedia.org/wiki/TLS_termination_proxy>

full disclaimer:  This is not for a business, its just for me, in my home.
I have no intentions of doing Internet banking or
anything else questionable.  Just want to be able to do some basic web
surfing, download source code, etc.

Specifically, I'm solely wondering if anyone here has already done
something like this, and, if so, is there any software in
particular you might recommend, or, recommend avoiding.   I'm basically
just looking for software recommendations, from there, I can
run with the compile+technicals.

Thanks,

Jerry


CC::note::also cross posted to the OpenIndiana-discussion mailing list
_______________________________________________
rescue list - http://www.sunhelp.org/mailman/listinfo/rescue
_______________________________________________
rescue list - http://www.sunhelp.org/mailman/listinfo/rescue

More information about the rescue mailing list