Thread: Crypto Ancienne: TLS for the Internet of Old Things

  1. #1

    I'm pushing out an initial release of Crypto Ancienne, a TLS library intended for pre-C99 and the older architectures that run it, with support for TLS 1.2 with SNI and most current algorithms. It is tested on NeXTSTEP 3.3, Rhapsody 5.6, Mac OS X, Linux, NetBSD, AIX 4+ (4.1.5 and 6.1 specifically), Power MachTen 4.1.4 and A/UX 3.1. Ports to IRIX, SunOS 4 and maybe Tru64 are forthcoming. Most platforms with gcc 2.5 or better, 64-bit ints (usually long long) and stdarg.h will build it.

    https://github.com/classilla/cryanc

    Crypto Ancienne includes an example application called carl (a desperate pun on curl). carl allows you to grab HTTP and HTTPS resources, but also can act as a proxy when connected to inetd or an inetd-like environment. Combine this with an appropriately agreeable browser and you can bolt TLS 1.2 onto old browsers as well, hosted even on the same system. Here are examples with OmniWeb, two NCSA Mosaic flavours and MacLynx.

    https://oldvcr.blogspot.com/2020/11/...e-tls-for.html
    I use my C128 because I am an ornery, stubborn, retro grouch. -- Bob Masse
    Various projects and oddities: http://oldvcr.blogspot.com/
    Machine room: http://www.floodgap.com/etc/machines.html

  2. #2

    So, having written this, let me ask this.

    What do you think is the slowest machine this could be practically used on?

    Could this run on an 8088 at 4.77MHz? a 286? a 386? 16MHz, 20, 25, 33MHz?

    Just curious.

    All of them "could do it", but I mean do it practically. Being able to shove the data over a TCP socket without consuming 100% of the CPU just for the encryption.

  3. #3

    In the GitHub I give a real world example with a Macintosh IIci (25MHz 68030) running NetBSD. It has no L1 cache card because it actually makes it less reliable (periodically the cache card fails -- over the many years it's been in service it's blown through a few, even recapped ones, so I don't have one in it anymore).

    This little machine takes about 20ish seconds to complete a TLS 1.2 transaction to a local server. Some servers refuse to wait that long which sets the artificial floor. Based on this single datapoint, I'd hazard the bottom edge for general usage is probably early-to-mid 1990s systems, so we're talking 68040s, 486s and early RISC (a PA-7100C is demonstrated), though if you were willing to wait it would be fine for more tolerant machines and applications.

  4. #4

    Great project, shame my DS10L that runs Tru64 is currently not set up. I wonder if it would compile on OpenVMS somehow...

  5. #5

    There's not a lot in the core library that's highly system dependent. carl.c might need some hacking for VMS, though. I have a VAXstation here but I think the C compiler license expired on it.

  6. #6

    Citing from blogspot:
    Quote: Originally Posted by ClassicHasClass
    So, since Mac Mosaic 3.0b4 is persnickety and crashy as heck, do we have an alternative that can be configured in the same way? Not the usual suspects, no: not Netscape, nor MSIE, nor NetShark, nor MacWeb.
    Why not? Is there a fundamental reason? Would it be even conceivable to add Cyberdog to usual suspects?

  7. #7

    Quote: Originally Posted by vldmrrr
    Why not? Is there a fundamental reason? Would it be even conceivable to add Cyberdog to usual suspects?
    Never mind, I just realized the reason is described earlier in the blog post.

    But here is an idea. What if carl would tunnel through https any http request to specifically modified host names, and in response replace in html content any https url with http url to modified host names? Prefixing with a hyphen seems to be safe.

    So for example, http://-google.com would go to https://google.com and in response replace all occurrences of "https://" with "http://-"

  8. #8

    I've kinda abandoned most subjects on backporting TLS to older platforms because of the amount of effort needed but you mentioned that a release for Irix is on the way.
    Is this library for recompiling browsers or does this snap-in to existing browsers such as Netscape where it is somewhat integrated into Irix but Netscape itself that I am aware is not available in an uncompiled format.

  9. #9

    Quote: Originally Posted by vldmrrr
    Never mind, I just realized the reason is described earlier in the blog post.

    But here is an idea. What if carl would tunnel through https any http request to specifically modified host names, and in response replace in html content any https url with http url to modified host names? Prefixing with a hyphen seems to be safe.

    So for example, http://-google.com would go to https://google.com and in response replace all occurrences of "https://" with "http://-"
    I think something like this already exists (ISTR such a proxy but it's not coming to mind). It wouldn't be especially difficult to do this here, but it would probably make carl more complex than it already is and thus rather less suitable as a demo application. But it would plausibly work.

    I did try Cyberdog, btw. No joy.

    Quote: Originally Posted by NeXT
    I've kinda abandoned most subjects on backporting TLS to older platforms because of the amount of effort needed but you mentioned that a release for Irix is on the way.
    Is this library for recompiling browsers or does this snap-in to existing browsers such as Netscape where it is somewhat integrated into Irix but Netscape itself that I am aware is not available in an uncompiled format.
    It's more for recompilation, though carl covers the situation for those browsers (admittedly a minority) where you can redirect https to a separate proxy. The available browsers for IRIX don't fall into that category (I don't think) with the exception of Mosaic, which I need to fix to compile again and should work.
