What do you think the minimal vintage system would be that can run HTTP over TLS?

    The major barrier to interacting with the modern internet is HTTPS and the TLS encryption requirement. It's simply very expensive to do, especially on older slower systems.

    So, I'm curious what others may think would be a viable system that could communicate with the internet (assuming it had connectivity of course).

    I don't think a box stock Z80 CP/M machine could do it. Not with a 4MHz processor. I don't know if any of the modern ones running up to 30MHz would be able to do it, but even if they could, a stock 64K Z80 machine simply doesn't have the RAM to do much. Even if there were a CP/M plain text browser akin to Lynx, there's barely enough memory for many web pages -- just the main page, not counting all of the other stuff that comes along (CSS, JavaScript, etc.), all of which would pretty much be ignored anyway.

    The game with the HTTPS is that it needs to handle the original negotiation (which is in itself expensive because of the public key part of the exchange), and then the normal stream encryption. And it would need to do it in a "reasonable" amount of time. I think 10s would be a high mark on the handshake in terms of viable in my book.

    Would a 16MHz 386SX be able to do it? 33MHz?

    Just curious what other folks think about this.

    #2
    I'm guessing 80386, and here's why. There's a web browser called "Links" that actually can surf modern TLS-enabled websites for DOS. - links.twibright.com/. It works in both graphics mode and text mode, and in text mode on my Versa 40EC (40MHz DX2) it screams. I also found a TLS equipped E-mail client called FLMAIL that also works, but it needs a 486 to run comfortably enough. I downloaded all 200+ e-mails from my Gmail with it (with enhanced security disabled). I do all this on FreeDOS 1.2. Both seem to require CWSDPMI to work so they are 386+ only. I remember this because I used to use Arachne on my 286 and it'd throw an error occasionally (but still keep working) "needs cwsdpmi.exe - 80386 or later required".

    My connectivity is usually either through wired network, or using WiFi tethered to my Cellular phone's hotspot using an old PCMCIA WiFi Card such as a Cisco Aironet or an Orinoco/Lucent WaveLan Silver.

    I don't have any 386s so I don't know how low I can go with Links but based on the performance on a 40MHz 486 DX2 I can figure it'd be pretty comfy on a 386. So I know it's likely doable as low as a 386.

    Comment


      #3
      I think the slowest computer I've used TLS on is a Macintosh IIci. 25MHz 68030.

      I know the 8-bit Arduinos won't do it, so..... I 'spect an 020 or 286 would be iffy. I think Minix 1 would run on a 286 in protected mode, wouldn't it? Was TLS around back then?
      -- Lee
      If you get super-bored, try muh crappy YouTube channel: Old Computer Fun!
      Looking to Buy/Trade For (non-working is fine): Mac IIci hard drive sled and one bottom rubber foot, Multisync VGA CRTs, Decent NuBus video card, PC-era Tandy stuff, Weird Old Unix Stuff, Aesthetic Old Serial Terminals (HP and Data General in particular)

      Comment


        #4
        Are there any proxy servers that can do TLS to the world and then translate to SSL or even nothing at all for the private network? I've tried to search, and most of what pops up that claims to do this actually does something completely different, like creating an image with clickable areas, etc.

        Comment


          #5
          Originally posted by Mad-Mike
          I don't have any 386s so I don't know how low I can go with Links but based on the performance on a 40MHz 486 DX2 I can figure it'd be pretty comfy on a 386. So I know it's likely doable as low as a 386.
          That's good information, and something my "gut" says is about right. At a minimum TLS was actually developed back in this era of computing, especially RSA and such, and it had to be "doable" then. The public key portion of the exchange is not arduous, per se, it's only encrypting the private key (128-256 bits) plus a little metadata.

          And late 386s and such were no slouches at the time.

          Originally posted by bladamson
          I think the slowest computer I've used TLS on is a Macintosh IIci. 25MHz 68030.

          I know the 8-bit Arduinos won't do it, so..... I 'spect an 020 or 286 would be iffy. I think Minix 1 would run on a 286 in protected mode, wouldn't it? Was TLS around back then?
          That's good info as well.


          Originally posted by jafir
          Are there any proxy servers that can do TLS to the world and then translate to SSL or even nothing at all for the private network? I've tried to search, and most of what pops up that claims to do this actually does something completely different, like creating an image with clickable areas, etc.
          Well, ideally that's the "out" that real legacy stuff should be able to do, make an HTTP request to the proxy, and have the proxy do the work. I don't know if it's a straight up configuration of something like Apache or NGINX or not.

          Actually here's an article discussing exactly this: https://serverfault.com/questions/90...-http-to-https

          There would still be challenges in this case, however.

          If you wanted to rewrite everything from http to https, then this would work. That would arguably work for a big chunk of the modern web. But there are still some older sites, notably personal sites and such, that are still http only, so it wouldn't work for them.

          But I was curious what lowest level machine could host it natively. I bet a 386/33 could do it, but certainly 486/25 or higher. That may well be the baseline to do it really comfortably.

          Comment


            #6
            It seems like most sites need TLS 1.2 these days, while a few need TLS 1.3. The different versions might have different CPU overhead.

            Based on the CPU loads I've seen when downloading files from TLS 1.2 sites, I'd estimate that a 386 could sustain 10-20KB per second.
            Originally posted by whartung
            Actually here's an article discussing exactly this: https://serverfault.com/questions/90...-http-to-https
            IIUC, it sounds like they've reached the same conclusion that I did, that you can't translate http<->https via proxy without patching URLs.

            For general internet use, I think it would be necessary to insert code into the network stack to intercept traffic. Make the client 'think' it is communicating with the remote server directly, by https if necessary. Maybe it could be done locally on Windows for instance by using an alternate wsock32.dll or ws2_32.dll to capture the network APIs.

            Comment
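
The proxy arrangement asked about in #4 and the URL-patching point raised in #6, as an added example that is not from the thread, from WebOne, or from any poster: a forward proxy that the old machine talks to over plain HTTP, which fetches upstream over certificate-verified TLS, falls back to http for http-only sites, and rewrites https:// links in text responses. The names `LegacyProxy`, `fetch`, `upstream_candidates` and `downgrade_links` and the listen address are assumptions made for this example, and it handles GET only.

```python
import re, ssl, urllib.error, urllib.request
from http.server import BaseHTTPRequestHandler, ThreadingHTTPServer

TLS_CTX = ssl.create_default_context()  # upstream certificates are verified here
HTTPS_LINK = re.compile(rb"https://", re.IGNORECASE)

def upstream_candidates(url):
    """The client asked for http://...; try https:// first, then plain http."""
    if url.lower().startswith("http://"):
        return ["https://" + url[7:], url]
    return [url]

def downgrade_links(body):
    """Patch https:// links so follow-up requests come back through the proxy."""
    return HTTPS_LINK.sub(b"http://", body)

def fetch(url, opener=urllib.request.urlopen):
    """Return (status, content_type, body) from the first candidate that answers."""
    last = None
    for candidate in upstream_candidates(url):
        try:
            with opener(candidate, timeout=15, context=TLS_CTX) as resp:
                ctype = resp.headers.get("Content-Type", "application/octet-stream")
                return resp.status, ctype, resp.read()
        except urllib.error.HTTPError as err:  # a 4xx/5xx is still an answer
            return err.code, err.headers.get("Content-Type", "text/plain"), err.read()
        except (urllib.error.URLError, OSError) as exc:
            cause = exc.reason if isinstance(exc, urllib.error.URLError) else exc
            if isinstance(cause, ssl.SSLCertVerificationError):
                raise  # bad certificate: fail closed, never retry over http
            last = exc
    raise last

class LegacyProxy(BaseHTTPRequestHandler):  # hypothetical name
    def do_GET(self):
        try:  # self.path is the absolute URL when the client uses us as its proxy
            status, ctype, body = fetch(self.path)
        except Exception as exc:
            return self.send_error(502, str(exc))
        if ctype.startswith("text/"):
            body = downgrade_links(body)
        self.send_response(status)
        self.send_header("Content-Type", ctype)
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

if __name__ == "__main__":  # placeholder address; bind to the private side only
    ThreadingHTTPServer(("127.0.0.1", 8080), LegacyProxy).serve_forever()
```

The hop between the old machine and the proxy is unencrypted, so the arrangement only makes sense on a network segment you control.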


              #7
              Originally posted by jafir
              Are there any proxy servers that can do TLS to the world and then translate to SSL or even nothing at all for the private network? I've tried to search, and most of what pops up that claims to do this actually does something completely different, like creating an image with clickable areas, etc.
              https://www.vogons.org/viewtopic.php?t=67165

              https://github.com/atauenis/webone
              -- Lee

              Comment


                #8
                Originally posted by jafir
                Are there any proxy servers that can do TLS to the world and then translate to SSL or even nothing at all for the private network? I've tried to search, and most of what pops up that claims to do this actually does something completely different, like creating an image with clickable areas, etc.
                This was recently released and looks very promising:

                https://github.com/classilla/cryanc


                "Crypto Ancienne, or Cryanc for short, is a TLS library with an aim for compatibility with pre-C99 C compilers and geriatric architectures. The TLS apocalypse may have knocked these hulking beasts out of the running for awhile, but now it's time for the Great Old Computing Ones to reclaim the Earth. That old server in your closet? It's only been sleeping, and now it's ready to take back the Web on the Web's own terms. 1997 just called and it's ticked."

                I'm looking into using this for some projects.
                --------
                Hacking IRIX

                Comment


                  #9
                  Originally posted by dillera
                  This was recently released and looks very promising:

                  https://github.com/classilla/cryanc
                  The issue is more a question of raw horsepower, though having appropriate software is handy as well.

                  I find it curious this trend about essentially eliminating object files, or even libraries. The instructions here are to include almost 50,000 lines of C code directly into your application rather than build it separately and link it. I guess build tools have utterly failed to mature to any point of real stability nowadays, and on modern machines, "why not".

                  Comment


                    #10
                    Originally posted by whartung
                    The issue is more a question of raw horsepower, though having appropriate software is handy as well.

                    I find it curious this trend about essentially eliminating object files, or even libraries. The instructions here are to include almost 50,000 lines of C code directly into your application rather than build it separately and link it. I guess build tools have utterly failed to mature to any point of real stability nowadays, and on modern machines, "why not".
                    Mirrors the trend of the bloat in Linux these days with everyone using appimage packages now, because wahhhh dependencies are so hard. So they include all of the library code, all the way down to ld-linux.so, in EVERY FRIGGIN PACKAGE. It's even dumber than systemd. :3
                    -- Lee

                    Comment
