eww + w3m / GnuTLS TLSv1 support ?

[Jason Vas Dias]

Good day -

  I need to access the website of a modem which ONLY supports
  TLS Version 1.0 - the only CURL options that work for it
  are :
    $ curl -ik --tlsv1.0 --basic -u$USER':'$PASS 'https://192.168.1.1'
  ( options '--tlsv1.'{1,2,3} NO NOT WORK AT ALL ! )
  OpenSSL s_client also works with ONLY the '-tls1' option
  (but does not do the HTTP Basic Auth as curl does).
  
  I only have access to my up-to-date Fedora 34 Linux x86_64 host,
  or my Android Phone on the WiFi network it serves with hostapd.

  It has been the case for a while that Firefox / Chrome for Linux
  do not permit me to use TLS-v1 - only Windows 10's Internet Explorer
  used to work, when run from a Qemu/KVM Windows VM under Linux - but now,
  with latest Windows 10 update, even this support has been removed.

  So my only home internet connection router's operations / management
  web-page is now completely inaccessable to me from any of 6 modern browsers
  I have installed on Linux or Windows :
    ( latest Firefox, latest Chrome, w3m , eww, lynx, MS-Edge, MS-IE ) -
  none of them support TLSv1.0 .

  It would be great if W3M or EWW (which I think both use GnuTLS ?)
  could somehow allow users to set the TLS version to use - then
  at least I'd be able to view the router configuration, if not
  make changes (that woud require JavaScript, but that's another
  issue) .

  Can W3M or EWW be made to use 'curl' or 'openssl s_client' under
  the hood for the HTTPS connection ? I think that might be easiest
  option to develop something quickly that works ...

  An attempt to make Emac's GnuTLS connect the the TLSv1 only website
  fails :
  (defvar my-tls-stream nil)
  (set-variable my-tls-stream (open-gnutls-stream "tls" "tls-buffer" 
"192.168.1.1" "https"))^X+^E

  my-tls-stream:
  gnutls.el: (err=[-8] A packet with illegal or unsupported version \
  was received.)  boot: (:priority NORMAL:%DUMBFW :hostname \
  192.168.1.1 :loglevel 0 :min-prime-bits nil :trustfiles \
  (/etc/pki/tls/certs/ca-bundle.crt /etc/ssl/cert.pem) \
  :crlfiles nil :keylist nil :verify-flags nil :verify-error nil \
  :callbacks nil)
   Entering debugger...

  Unfortunately the modem is not rooted and while I can SSH to the
  modem, which can be done ONLY using SSH settings:
    -o
  KexAlgorithms=diffie-hellman-group1-sha1,diffie-hellman-group14-sha1
 
  I cannot make any configuration changes with the SSH login non-root
  session - only the web page can interact with daemons that run as root..

  The only way of making configuration changes is via the JavaScript
  TLSv1.0 website , for which I need a text-mode HTML Forms supporting
  browser with basic JavaScript support (I have nodejs, it should not be too
  difficult to get EWW or W3M to run JavaScript scripts? ).

  It seems more fun & useful to extend EWW / W3M to support
  TLS version & protocol configuration & to be able to run
  JavaScript 'XmlHttpTransaction's via nodejs than to try to
  build an old version of Firefox / Mozilla / SeaMonkey / Chrome that
  supports TLSv1.0 - I might be into doing a little work on that.

  Is there any work going on in that direction ?
  If so , please let me know - any tips how to get W3M or EWW to
  browse a website only over TLSv1 or using 'curl' or 'libcurl' C API
  with specified options as underlying  transport would be much appreciated.

Thank You & Best Regards,
Jason Vas Dias