Re: eww + w3m / GnuTLS TLSv1 support ?

[Jason Vas Dias]

Oops, here is the required crypto policy patch - I don't
understand why this is required, it is just merging the FEDORA32
policy module settings with the DEFAULT policy, which I thought
was the intent of the 'update-crypto-policies --set DEFAULT:FEDORA32',
but this does not seem to work without the patch also being done
afterwards.

On 15/02/2022, Jason Vas Dias <jason.vas.dias@gmail.com> wrote:
> OK, I finally fixed it for firefox & whole OpenSSL or GnuTLS
> using stack on Fedora 34+ :  as root:
>   #  update-crypto-policies --set DEFAULT:DEFAULT
> but that on its own did not work without making the
> changes to /usr/share/crypto-policies/policies/DEFAULT.pol
> in the attached patch file, then restarting firefox with
> the about:config options:
>  security.tls.version.enable-deprecated       true    
>  security.tls.version.min                     1
> Now I can access TLSv1 websites, and my modem,
> with firefox - and also with GnuTLS / Emacs - wahoo!
> The best website to test this with is :
>  https://tls-v1-0.badssl.com:1010/
>
> Thanks to all who responded !
>
> On 14/02/2022, chad <yandros@gmail.com> wrote:
>> On Sun, Feb 13, 2022 at 9:58 AM Jason Vas Dias <jason.vas.dias@gmail.com>
>> wrote:
>>
>>>   I need to access the website of a modem which ONLY supports
>>>   TLS Version 1.0 [...] https://192.168.1.1 [...]
>>>
>>
>> Orthogonal to eww/gnutls support: in your position, I would (curse a bit
>> and) look into a local https proxy, starting with mitmproxy or tinyproxy.
>> I've been able to use solutions like this in the past, but that past is
>> now
>> distant, and I don't know what's current. I see downstream you ask about
>> some nodeJS options; there's probably a relevant node project that you
>> could set up inside your local network.
>>
>> Hope that helps,
>> ~Chad
>>
>

crypto-policy-TLSv1.0.patch
Description: Text Data