
What do you think the minimal vintage system would be that can run HTTP over TLS?

whartung (Veteran Member; joined Apr 23, 2020; 745 messages)
The major barrier to interacting with the modern internet is HTTPS and the TLS encryption requirement. It's simply very expensive to do, especially on older slower systems.

So, I'm curious what others may think would be a viable system that could communicate with the internet (assuming it had connectivity of course).

I don't think a box stock Z80 CP/M machine could do it. Not with a 4MHz processor. I don't know if any of the modern ones running up to 30MHz would be able to do it, but even if they could, a stock 64K Z80 machine simply doesn't have the RAM to do much. Even if there were a CP/M plain text browser akin to Lynx, there's barely enough memory for many web pages -- just the main page, not counting all of the other stuff that comes along (CSS, JavaScript, etc.), all of which would pretty much be ignored anyway.

The game with the HTTPS is that it needs to handle the original negotiation (which is in itself expensive because of the public key part of the exchange), and then the normal stream encryption. And it would need to do it in a "reasonable" amount of time. I think 10s would be a high mark on the handshake in terms of viable in my book.

Would a 16MHz 386SX be able to do it? 33MHz?

Just curious what other folks think about this.
 
I'm guessing 80386, and here's why. There's a web browser called "Links" that actually can surf modern TLS enabled websites for DOS. - links.twibright.com/. It works in both graphics mode and text mode, and in text mode on my Versa 40EC (40MHz DX2) it screams. I also found a TLS equipped E-mail client called FLMAIL that also works, but it needs a 486 to run comfortably enough. I downloaded all 200+ e-mails from my GMail with it (with enhanced security disabled). I do all this on FreeDOS 1.2. Both seem to require CWSDPMI to work so they are 386+ only. I remember this because I used to use Arachne on my 286 and it'd throw an error occasionally (but still keep working) "needs cwsdpmi.exe - 80386 or later required".

My connectivity is usually either through wired network, or using WiFi tethered to my Cellular phone's hotspot using an old PCMCIA WiFi Card such as a Cisco Aironet or an Orinoco/Lucent WaveLan Silver.

I don't have any 386s so I don't know how low I can go with Links but based on the performance on a 40MHz 486 DX2 I can figure it'd be pretty comfy on a 386. So I know it's likely doable as low as a 386.
 
I think the slowest computer I've used TLS on is a Macintosh IIci. 25MHz 68030.

I know the 8-bit Arduinos won't do it, so..... I 'spect an 020 or 286 would be iffy. I think Minix 1 would run on a 286 in protected mode, wouldn't it? Was TLS around back then?
 
Are there any proxy servers that can do TLS to the world and then translate to SSL or even nothing at all for the private network? I've tried to search, and most of what pops up that claims to do this actually does something completely different, like creating an image with clickable areas, etc.
 
I don't have any 386s so I don't know how low I can go with Links but based on the performance on a 40MHz 486 DX2 I can figure it'd be pretty comfy on a 386. So I know it's likely doable as low as a 386.

That's good information, and something my "gut" says is about right. At a minimum TLS was actually developed back in this era of computing, especially RSA and such, and it had to be "doable" then. The public key portion of the exchange is not arduous, per se, it's only encrypting the private key (128-256 bits) plus a little meta data.

And late 386s and such were no slouches at the time.

I think the slowest computer I've used TLS on is a Macintosh IIci. 25MHz 68030.

I know the 8-bit Arduinos won't do it, so..... I 'spect an 020 or 286 would be iffy. I think Minix 1 would run on a 286 in protected mode, wouldn't it? Was TLS around back then?

That's good info as well.


Are there any proxy servers that can do TLS to the world and then translate to SSL or even nothing at all for the private network? I've tried to search, and most of what pops up that claims to do this actually does something completely different, like creating an image with clickable areas, etc.

Well, ideally that's the "out" that real legacy stuff should be able to do, make an HTTP request to the proxy, and have the proxy do the work. I don't know if it's a straight up configuration of something like Apache or NGINX or not.

Actually here's an article discussing exactly this: https://serverfault.com/questions/907490/forward-proxy-convert-http-to-https

There would still be challenges in this case, however.

If you wanted to rewrite everything from http to https, then this would work. That would arguably work for a big chunk of the modern web. But there are still some older sites, notably personal sites and such, that are still http only, so it wouldn't work for them.

But I was curious what lowest level machine could host it natively. I bet a 386/33 could do it, but certainly 486/25 or higher. That may well be the baseline to do it really comfortably.
 
It seems like most sites need TLS 1.2 these days, while a few need TLS 1.3. The different versions might have different CPU overhead.

Based on the CPU loads I've seen when downloading files from TLS 1.2 sites, I'd estimate that a 386 could sustain 10-20KB per second.
IIUC, it sounds like they've reached the same conclusion that I did, that you can't translate http<->https via proxy without patching URLs.

For general internet use, I think it would be necessary to insert code into the network stack to intercept traffic. Make the client 'think' it is communicating with the remote server directly, by https if necessary. Maybe it could be done locally on windows for instance by using an alternate wsock32.dll or ws2_32.dll to capture the network APIs.
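
An added example, not part of the thread or of any project mentioned in it: the core of the HTTP-to-HTTPS forward proxy discussed in the posts above, including the URL patching and the fallback for HTTP-only sites. The names `proxy_fetch`, `real_fetch`, `fake_fetch` and `SITES` are hypothetical, and the hop between the legacy client and the proxy is assumed to be a trusted private network because it carries cleartext.

```python
import re
import ssl
import urllib.error
import urllib.request
from urllib.parse import urlsplit

# Verification stays on: only the proxy ever checks the upstream certificate.
TLS_CONTEXT = ssl.create_default_context()

def real_fetch(url):
    try:
        with urllib.request.urlopen(url, timeout=15, context=TLS_CONTEXT) as r:
            return r.status, dict(r.headers), r.read()
    except urllib.error.HTTPError as e:   # 4xx/5xx still carries a response
        return e.code, dict(e.headers), e.read()
    except urllib.error.URLError as e:    # surface the socket or TLS error
        raise e.reason if isinstance(e.reason, OSError) else e

def downgrade_links(text):
    # https:// -> http:// so the client's next request returns to the proxy
    return re.sub(r"https://", "http://", text, flags=re.IGNORECASE)

def proxy_fetch(client_url, fetch=real_fetch):
    """Answer a plain-HTTP client request, trying HTTPS upstream first."""
    parts = urlsplit(client_url)
    if parts.scheme != "http":
        raise ValueError("client side of this proxy is plain HTTP only")
    try:
        status, headers, body = fetch(parts._replace(scheme="https").geturl())
    except ConnectionError:
        # No TLS listener: HTTP-only site. ssl.SSLError (bad cert) is not caught.
        status, headers, body = fetch(client_url)
    headers = {k.lower(): v for k, v in headers.items()}
    if "location" in headers:
        headers["location"] = downgrade_links(headers["location"])
    if headers.get("content-type", "").startswith("text/html"):
        body = downgrade_links(body.decode("latin-1")).encode("latin-1")
        headers["content-length"] = str(len(body))
    return status, headers, body

# Constructed sites standing in for the network, for an offline run.
SITES = {"https://modern.example/": (200, {"Content-Type": "text/html"},
                                     b'<a href="https://modern.example/x">x</a>'),
         "http://old.example/": (200, {"Content-Type": "text/plain"}, b"hello")}

def fake_fetch(url):
    if url not in SITES:
        raise ConnectionRefusedError(url)
    return SITES[url]
```

Because certificate failures propagate instead of triggering the cleartext fallback, a bad upstream certificate shows up as an error at the proxy rather than as a silently downgraded page on the legacy client.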
 
Are there any proxy servers that can do TLS to the world and then translate to SSL or even nothing at all for the private network? I've tried to search, and most of what pops up that claims to do this actually does something completely different, like creating an image with clickable areas, etc.

This was recently released and looks very promising:

https://github.com/classilla/cryanc


"Crypto Ancienne, or Cryanc for short, is a TLS library with an aim for compatibility with pre-C99 C compilers and geriatric architectures. The TLS apocalypse may have knocked these hulking beasts out of the running for awhile, but now it's time for the Great Old Computing Ones to reclaim the Earth. That old server in your closet? It's only been sleeping, and now it's ready to take back the Web on the Web's own terms. 1997 just called and it's ticked."

I'm looking into using this for some projects.
 
This was recently released and looks very promising:

https://github.com/classilla/cryanc

The issue is more a question of raw horsepower, though having appropriate software is handy as well.

I find it curious this trend about essentially eliminating object files, or even libraries. The instructions here are to include almost 50,000 lines of C code directly into your application rather than build it separately and link it. I guess build tools have utterly failed to mature to any point of real stability nowadays, and on modern machines, "why not".
 
The issue is more a question of raw horsepower, though having appropriate software is handy as well.

I find it curious this trend about essentially eliminating object files, or even libraries. The instructions here are to include almost 50,000 lines of C code directly into your application rather than build it separately and link it. I guess build tools have utterly failed to mature to any point of real stability nowadays, and on modern machines, "why not".

Mirrors the trend of the bloat in Linux these days with everyone using appimage packages now, because wahhhh dependencies are so hard. So they include all of the library code, all the way down to ld-linux.so, in EVERY FRIGGIN PACKAGE. It's even dumber than systemd. :3
 