From: "Jason Vas Dias"
Newsgroups: gmane.emacs.devel
Subject: eww + w3m / GnuTLS TLSv1 support ?
Date: Sun, 13 Feb 2022 14:58:15 +0000
Reply-To: Jason Vas Dias
To: emacs-devel@gnu.org

Good day -

I need to access the website of a modem which ONLY supports TLS Version 1.0 - the only CURL options that work for it are:

    $ curl -ik --tlsv1.0 --basic -u$USER':'$PASS 'https://192.168.1.1'

(options '--tlsv1.'{1,2,3} DO NOT WORK AT ALL!)

OpenSSL s_client also works with ONLY the '-tls1' option (but does not do the HTTP Basic Auth as curl does).

I only have access to my up-to-date Fedora 34 Linux x86_64 host, or my Android Phone on the WiFi network it serves with hostapd.

It has been the case for a while that Firefox / Chrome for Linux do not permit me to use TLS-v1 - only Windows 10's Internet Explorer used to work, when run from a Qemu/KVM Windows VM under Linux - but now, with the latest Windows 10 update, even this support has been removed.

So my only home internet connection router's operations / management web-page is now completely inaccessible to me from any of 6 modern browsers I have installed on Linux or Windows: (latest Firefox, latest Chrome, w3m, eww, lynx, MS-Edge, MS-IE) - none of them support TLSv1.0.

It would be great if W3M or EWW (which I think both use GnuTLS?) could somehow allow users to set the TLS version to use - then at least I'd be able to view the router configuration, if not make changes (that would require JavaScript, but that's another issue).

Can W3M or EWW be made to use 'curl' or 'openssl s_client' under the hood for the HTTPS connection? I think that might be the easiest option to develop something quickly that works ...

An attempt to make Emacs's GnuTLS connect to the TLSv1 only website fails:

    (defvar my-tls-stream nil)
    (setq my-tls-stream
          (open-gnutls-stream "tls" "tls-buffer" "192.168.1.1" "https"))
    ;; ^X+^E (evaluated with C-x C-e)

    my-tls-stream: gnutls.el: (err=[-8] A packet with illegal or unsupported version \
    was received.) boot: (:priority NORMAL:%DUMBFW :hostname \
    192.168.1.1 :loglevel 0 :min-prime-bits nil :trustfiles \
    (/etc/pki/tls/certs/ca-bundle.crt /etc/ssl/cert.pem) \
    :crlfiles nil :keylist nil :verify-flags nil :verify-error nil \
    :callbacks nil)
    Entering debugger...

Unfortunately the modem is not rooted and while I can SSH to the modem, which can be done ONLY using SSH settings:

    -o KexAlgorithms=diffie-hellman-group1-sha1,diffie-hellman-group14-sha1

I cannot make any configuration changes with the SSH login non-root session - only the web page can interact with daemons that run as root.

The only way of making configuration changes is via the JavaScript TLSv1.0 website, for which I need a text-mode HTML Forms supporting browser with basic JavaScript support (I have nodejs, it should not be too difficult to get EWW or W3M to run JavaScript scripts?).

It seems more fun & useful to extend EWW / W3M to support TLS version & protocol configuration & to be able to run JavaScript 'XmlHttpTransaction's via nodejs than to try to build an old version of Firefox / Mozilla / SeaMonkey / Chrome that supports TLSv1.0 - I might be into doing a little work on that.

Is there any work going on in that direction?

If so, please let me know - any tips how to get W3M or EWW to browse a website only over TLSv1 or using 'curl' or 'libcurl' C API with specified options as underlying transport would be much appreciated.

Thank You & Best Regards,
Jason Vas Dias
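
Added example, not part of the original message and not Emacs or GnuTLS code: a diagnostic for the "illegal or unsupported version" failure quoted above. It reads the first record a server sends and reports which protocol version it chose, or which alert it raised, against a client's minimum version. It assumes the error arises because the device answers in TLS 1.0 while the client's floor is higher; all function names and the sample records are constructed for illustration.

```python
import struct

# Wire values of the protocol versions a ServerHello can carry.
NAMES = {0x0301: "TLSv1.0", 0x0302: "TLSv1.1", 0x0303: "TLSv1.2", 0x0304: "TLSv1.3"}

def server_choice(record: bytes):
    """Classify the first record a server sends: ("hello", version) or ("alert", code)."""
    if len(record) < 5:
        raise ValueError("short TLS record header")
    ctype, _record_version, length = struct.unpack("!BHH", record[:5])
    body = record[5:5 + length]
    if len(body) != length:
        raise ValueError("truncated TLS record")
    if ctype == 21 and length >= 2:          # alert: level byte, description byte
        return "alert", body[1]
    if ctype != 22 or length < 39 or body[0] != 2:
        raise ValueError("not a ServerHello")
    version = struct.unpack("!H", body[4:6])[0]   # after type(1) + length(3)
    # TLS 1.3 keeps 0x0303 here and names itself in supported_versions (type 43).
    pos = 38                                  # skip header, version, 32-byte random
    pos += 1 + body[pos] + 2 + 1              # session id, cipher suite, compression
    if pos + 2 <= length:
        end = min(length, pos + 2 + struct.unpack("!H", body[pos:pos + 2])[0])
        pos += 2
        while pos + 4 <= end:
            etype, elen = struct.unpack("!HH", body[pos:pos + 4])
            if etype == 43 and elen == 2 and pos + 6 <= end:
                version = struct.unpack("!H", body[pos + 4:pos + 6])[0]
            pos += 4 + elen
    return "hello", version

def client_accepts(record: bytes, min_version: int) -> bool:
    """True only if the server chose a version at or above the client's floor."""
    kind, value = server_choice(record)
    return kind == "hello" and value >= min_version

def build_hello(version: int, extensions: bytes = b"") -> bytes:
    """Construct a minimal ServerHello record (sample data, not a capture)."""
    hs = struct.pack("!H", version) + bytes(32) + b"\x00" + b"\x00\x2f" + b"\x00"
    if extensions:
        hs += struct.pack("!H", len(extensions)) + extensions
    hs = b"\x02" + len(hs).to_bytes(3, "big") + hs
    return struct.pack("!BHH", 22, min(version, 0x0303), len(hs)) + hs

# Constructed samples: a TLS 1.0-only device, a TLS 1.3 server, a protocol_version alert.
OLD_DEVICE = build_hello(0x0301)
MODERN = build_hello(0x0303, struct.pack("!HHH", 43, 2, 0x0304))
ALERT = struct.pack("!BHHBB", 21, 0x0301, 2, 2, 70)
```

With a floor of 0x0303 (TLS 1.2) the OLD_DEVICE record is rejected, and lowering the floor to 0x0301 for that one host is what makes it acceptable.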