From: "Jason Vas Dias"<jason.vas.dias@gmail.com>
To: emacs-devel@gnu.org
Subject: eww + w3m / GnuTLS TLSv1 support ?
Date: Sun, 13 Feb 2022 14:58:15 +0000 [thread overview]
Message-ID: <hhsfsmvmns.fsf@jvdspc.jvds.net> (raw)
Good day -
I need to access the website of a modem which ONLY supports
TLS Version 1.0 - the only CURL options that work for it
are :
$ curl -ik --tlsv1.0 --basic -u$USER':'$PASS 'https://192.168.1.1'
( options '--tlsv1.'{1,2,3} NO NOT WORK AT ALL ! )
OpenSSL s_client also works with ONLY the '-tls1' option
(but does not do the HTTP Basic Auth as curl does).
I only have access to my up-to-date Fedora 34 Linux x86_64 host,
or my Android Phone on the WiFi network it serves with hostapd.
It has been the case for a while that Firefox / Chrome for Linux
do not permit me to use TLS-v1 - only Windows 10's Internet Explorer
used to work, when run from a Qemu/KVM Windows VM under Linux - but now,
with latest Windows 10 update, even this support has been removed.
So my only home internet connection router's operations / management
web-page is now completely inaccessable to me from any of 6 modern browsers
I have installed on Linux or Windows :
( latest Firefox, latest Chrome, w3m , eww, lynx, MS-Edge, MS-IE ) -
none of them support TLSv1.0 .
It would be great if W3M or EWW (which I think both use GnuTLS ?)
could somehow allow users to set the TLS version to use - then
at least I'd be able to view the router configuration, if not
make changes (that woud require JavaScript, but that's another
issue) .
Can W3M or EWW be made to use 'curl' or 'openssl s_client' under
the hood for the HTTPS connection ? I think that might be easiest
option to develop something quickly that works ...
An attempt to make Emac's GnuTLS connect the the TLSv1 only website
fails :
(defvar my-tls-stream nil)
(set-variable my-tls-stream (open-gnutls-stream "tls" "tls-buffer" "192.168.1.1" "https"))^X+^E
my-tls-stream:
gnutls.el: (err=[-8] A packet with illegal or unsupported version \
was received.) boot: (:priority NORMAL:%DUMBFW :hostname \
192.168.1.1 :loglevel 0 :min-prime-bits nil :trustfiles \
(/etc/pki/tls/certs/ca-bundle.crt /etc/ssl/cert.pem) \
:crlfiles nil :keylist nil :verify-flags nil :verify-error nil \
:callbacks nil)
Entering debugger...
Unfortunately the modem is not rooted and while I can SSH to the
modem, which can be done ONLY using SSH settings:
-o
KexAlgorithms=diffie-hellman-group1-sha1,diffie-hellman-group14-sha1
I cannot make any configuration changes with the SSH login non-root
session - only the web page can interact with daemons that run as root..
The only way of making configuration changes is via the JavaScript
TLSv1.0 website , for which I need a text-mode HTML Forms supporting
browser with basic JavaScript support (I have nodejs, it should not be too
difficult to get EWW or W3M to run JavaScript scripts? ).
It seems more fun & useful to extend EWW / W3M to support
TLS version & protocol configuration & to be able to run
JavaScript 'XmlHttpTransaction's via nodejs than to try to
build an old version of Firefox / Mozilla / SeaMonkey / Chrome that
supports TLSv1.0 - I might be into doing a little work on that.
Is there any work going on in that direction ?
If so , please let me know - any tips how to get W3M or EWW to
browse a website only over TLSv1 or using 'curl' or 'libcurl' C API
with specified options as underlying transport would be much appreciated.
Thank You & Best Regards,
Jason Vas Dias
next reply other threads:[~2022-02-13 14:58 UTC|newest]
Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-02-13 14:58 Jason Vas Dias [this message]
2022-02-13 15:44 ` eww + w3m / GnuTLS TLSv1 support ? Herbert J. Skuhra
2022-02-13 16:48 ` Jason Vas Dias
2022-02-13 17:07 ` Eli Zaretskii
2022-02-14 12:34 ` Jason Vas Dias
2022-02-14 13:25 ` Herbert J. Skuhra
2022-02-14 13:36 ` Jason Vas Dias
2022-02-14 18:51 ` chad
2022-02-15 12:52 ` Jason Vas Dias
2022-02-15 12:55 ` Jason Vas Dias
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: https://www.gnu.org/software/emacs/
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=hhsfsmvmns.fsf@jvdspc.jvds.net \
--to=jason.vas.dias@gmail.com \
--cc=emacs-devel@gnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://git.savannah.gnu.org/cgit/emacs.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).