From mboxrd@z Thu Jan 1 00:00:00 1970 Path: news.gmane.io!.POSTED.blaine.gmane.org!not-for-mail From: Jason Vas Dias Newsgroups: gmane.emacs.devel Subject: Re: eww + w3m / GnuTLS TLSv1 support ? Date: Sun, 13 Feb 2022 16:48:00 +0000 Message-ID: References: Mime-Version: 1.0 Content-Type: text/plain; charset="UTF-8" Injection-Info: ciao.gmane.io; posting-host="blaine.gmane.org:116.202.254.214"; logging-data="23552"; mail-complaints-to="usenet@ciao.gmane.io" Cc: emacs-devel@gnu.org To: "Herbert J. Skuhra" Original-X-From: emacs-devel-bounces+ged-emacs-devel=m.gmane-mx.org@gnu.org Sun Feb 13 17:48:59 2022 Return-path: Envelope-to: ged-emacs-devel@m.gmane-mx.org Original-Received: from lists.gnu.org ([209.51.188.17]) by ciao.gmane.io with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from ) id 1nJI3X-0005wM-Qm for ged-emacs-devel@m.gmane-mx.org; Sun, 13 Feb 2022 17:48:59 +0100 Original-Received: from localhost ([::1]:42228 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1nJI3W-000825-Lo for ged-emacs-devel@m.gmane-mx.org; Sun, 13 Feb 2022 11:48:58 -0500 Original-Received: from eggs.gnu.org ([209.51.188.92]:46540) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1nJI2f-0007M8-AP for emacs-devel@gnu.org; Sun, 13 Feb 2022 11:48:05 -0500 Original-Received: from [2a00:1450:4864:20::434] (port=46722 helo=mail-wr1-x434.google.com) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1nJI2d-0004MN-Jc for emacs-devel@gnu.org; Sun, 13 Feb 2022 11:48:05 -0500 Original-Received: by mail-wr1-x434.google.com with SMTP id q7so23185378wrc.13 for ; Sun, 13 Feb 2022 08:48:03 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=xDd1cp+u9Lnd6ixxPsyZeoB70t532xX5PbQjtdtG5BY=; b=KGJjM85Bzt2DbPBdWxGSNKi/ZTML6G1Haifrovzu4QIrZhJdicgDC+ibBgkZE1blyY qYrmKS9n2VuHvPSfg/KD33VKj1THC/Og2q8hkF1Cik0OMLOElzPO9fXV3YErWcvprfwn vWyuXbWlf+q+00/YmABGT7TyFi1KWXxYgRXUvXuKzuURLicVnSLMACX+DWyhF/FNPh1m rU9Bn6fpIz4xZTYnzfO3CQU2BGQ6oPKxvxTvuJjaKY0IdSVqqd2r8LlGfY396XJT2H5T L2ShMSR21vA+QWqpTBzK7AWEaPFI/DgdcatyF3MZb3iEMBuqFkIP1hp3YoQfRBDtrSAW 3hng== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=xDd1cp+u9Lnd6ixxPsyZeoB70t532xX5PbQjtdtG5BY=; b=cUIzIUF3F136fNTYmennP4x62hLUObRU2sH2fLwd5ocip9Zf4kwJf1ivcj3TEyujQ3 JtIM/KqQFjkQTAVlRgcQe2+EDrNK/aNN//u/tglamUaCLo35bbo48bQUxtuBxQek38ov AfUzVOFf0VXVEsNVxzqog2G2W2h11wg/+DJwZaOb/QDgm1WRC4kAFfLHJHsG08Y+dPBy bUcdiDk0xbJwFDZPTarleXURAQuNE/BWCn5c6IzSoEU5wImBei6rdIWf2+1ZbPiko04x 6pCf6bHBrnXIOsUJ6uigkOjtlOy42FJXivfHH8a4GQL2E9sfAf8XWIA7ISVkIgtA61G8 ccCg== X-Gm-Message-State: AOAM530sZubRoGY+8Vrh4vpSPHiOJJY9DOwI4vI+8EdjA+vhcG/chhTv 5pmOWgMsw8j8dRebQ7O0wtD5l34BAS9wyK/2Lic= X-Google-Smtp-Source: ABdhPJyG2YIT6RTixWHgs/yWz0AiUi3POo7c+ShvvZRro5IXJ3/xzSTD6xxyvPj57Tm32msmNNwcWv6WqVybpAdM9Q8= X-Received: by 2002:adf:e708:: with SMTP id c8mr8327027wrm.653.1644770881745; Sun, 13 Feb 2022 08:48:01 -0800 (PST) Original-Received: by 2002:a5d:4528:0:0:0:0:0 with HTTP; Sun, 13 Feb 2022 08:48:00 -0800 (PST) In-Reply-To: X-Host-Lookup-Failed: Reverse DNS lookup failed for 2a00:1450:4864:20::434 (failed) Received-SPF: pass client-ip=2a00:1450:4864:20::434; envelope-from=jason.vas.dias@gmail.com; helo=mail-wr1-x434.google.com X-Spam_score_int: 7 X-Spam_score: 0.7 X-Spam_bar: / X-Spam_report: (0.7 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, NUMERIC_HTTP_ADDR=1.242, PDS_HP_HELO_NORDNS=0.785, RCVD_IN_DNSWL_NONE=-0.0001, RDNS_NONE=0.793, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01 autolearn=no autolearn_force=no X-Spam_action: no action X-BeenThere: emacs-devel@gnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: "Emacs development discussions." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: emacs-devel-bounces+ged-emacs-devel=m.gmane-mx.org@gnu.org Original-Sender: "Emacs-devel" Xref: news.gmane.io gmane.emacs.devel:286220 Archived-At: Yes, I did try that , and : security.tls.version_min : 1 (was 3) security.tls.version.enable-deprecated : false (was true) After I did this, I did get an 'Enable TLSv1.1 / TLSv1.2' button on FIRST re-load of the page, but pressing this and re-loading had no effect. Still, I have no option to accept the page's self-signed certificate or proceed, but still I get only 'Error code: SSL_ERROR_UNSUPPORTED_VERSION' responses. I then did try setting : security.tls.hello_downgrade_check : false (was true) network.http.spdy.enforce-tls-profile : false (was true) Still no joy with Firefox 96, Chrome Unstable, EWW, W3M - ideally, it would be nice if EWW or W3M would let me set the TLS protocol version to use, with some variable setting - that is really why I was posting to the emacs-devel list. And I am curious as to if there is an Emacs package that enables an 'inferior-nodejs-process' mode, like Slime's 'inferior-lisp-process' , that W3M and|or EWW could use , to serve the HTML DOM XML for loaded pages, and to run JavaScript with the DOM model in place like a browser does - is work done / going on in this direction ? Otherwise it might be nice project to take on ... I did raise a Firefox bug about this also : https://bugzilla.mozilla.org/show_bug.cgi?id=1755196 I am looking into setting up an Apache Module proxy that uses libcurl to request the router webpage and serve it on my local host, that seems to be the only way to fix this problem quickly ... Thanks, Best Regards, Jason Vas Dias On 13/02/2022, Herbert J. Skuhra wrote: > On Sun, Feb 13, 2022 at 02:58:15PM +0000, Jason Vas Dias wrote: >> Good day - >> >> I need to access the website of a modem which ONLY supports >> TLS Version 1.0 - the only CURL options that work for it >> are : >> $ curl -ik --tlsv1.0 --basic -u$USER':'$PASS 'https://192.168.1.1' >> ( options '--tlsv1.'{1,2,3} NO NOT WORK AT ALL ! ) >> OpenSSL s_client also works with ONLY the '-tls1' option >> (but does not do the HTTP Basic Auth as curl does). >> >> I only have access to my up-to-date Fedora 34 Linux x86_64 host, >> or my Android Phone on the WiFi network it serves with hostapd. >> >> It has been the case for a while that Firefox / Chrome for Linux >> do not permit me to use TLS-v1 - only Windows 10's Internet Explorer >> used to work, when run from a Qemu/KVM Windows VM under Linux - but >> now, >> with latest Windows 10 update, even this support has been removed. >> >> So my only home internet connection router's operations / management >> web-page is now completely inaccessable to me from any of 6 modern >> browsers >> I have installed on Linux or Windows : >> ( latest Firefox, latest Chrome, w3m , eww, lynx, MS-Edge, MS-IE ) - >> none of them support TLSv1.0 . > > Have you tried to set > > security.tls.version.enable-deprecated to true > > in Firefox (about:config)? > > This still works with Firefox 97.0 and an old(er) SNOM 300 SIP phone. > > I have created a separate Firefox profile for this use case. > > Maybe other solutions like stunnel, etc. might work too. > > -- > Herbert > >