Back to the main page

TLS 1.3 support for Classilla 9.3.4b

Many current websites no longer support TLS 1.0, which is the maximum security protocol natively available in Classilla. However, the later TLS 1.2 and 1.3 protocols can be added to Classilla 9.3.4b using Crypto Ancienne, which can be run as a proxy from OS X running Classilla under Classic, from Rhapsody running Classilla under Mac OS, or from Power MachTen running concurrently with Classilla on MacOS itself. You can also set it up on another local machine. In this configuration, Crypto Ancienne does the encryption for Classilla as a proxy.

Although this page include step-by-step directions, you should have some basic working knowledge of typical Unix commands. This support is only available for Classilla 9.3.4b.

Installing Crypto Ancienne under Mac OS X

A pre-built Rhapsody binary of Crypto Ancienne can run on any Power Mac running any Classic-capable version of Mac OS X. Source code is included for all tools.

  1. Download the binary archive for Rhapsody from the Floodgap gopher server. Classilla can access Gopher URLs. Move the archive anywhere convenient as a location.
  2. Start a Terminal window and change the directory to where you saved the archive. For example, if it was in your home directory, then type cd ~
  3. gunzip carl-rhapsody-56.tar.gz
  4. tar xvf carl-rhapsody-56.tar
  5. This will leave you with a new folder called cryanc with the binaries, so cd cryanc
  6. Start carl, Crypto Ancienne's combination client and proxy, listening to localhost with ./micro_inetd 8765 ./carl -p
  7. Start Classilla under Classic, and skip to the section on Configuring and Using Classilla below.

Installing Crypto Ancienne under Power MachTen

A pre-built binary of Crypto Ancienne can run on any Power Mac with Power MachTen 4.1.4 from Tenon Intersystems. It may work with earlier versions. It does not work with Professional MachTen, which is 68K only. Source code is included for all tools.

  1. Download the binary archive for Power MachTen from the Floodgap gopher server. Classilla can access Gopher URLs. Put the archive in the root of the same volume where Power MachTen is installed.
  2. Start Power MachTen if it is not already running and log into the console. Change the directory to where you would like to install the binaries. For example, if you would like to place them in your home directory, then cd ~
  3. dfork //carl-machten-414.tar.gz carl-machten-414.tar.gz (yes, two slashes)
  4. gunzip carl-machten-414.tar.gz
  5. tar xvf carl-machten-414.tar
  6. This will leave you with a new folder called cryanc with the binaries, so cd cryanc
  7. Start carl, Crypto Ancienne's combination client and proxy, listening to localhost with ./micro_inetd 8765 ./carl -p
  8. Start Classilla so that it is running simultaneously with Power MachTen, and skip to the section on Configuring and Using Classilla below.

Installing Crypto Ancienne under Rhapsody/Mac OS X Server v1.2

A pre-built Rhapsody binary of Crypto Ancienne can run on any Power Mac running Mac OS X Server v1.2 (Rhapsody 5.6). It may work with earlier versions. Source code is included for all tools.

  1. Download the binary archive for Rhapsody from the Floodgap gopher server. Classilla can access Gopher URLs. Move the archive anywhere convenient as a location.
  2. Start a Terminal window and change the directory to where you saved the archive. For example, if it was in your home directory, then type cd ~
  3. gunzip carl-rhapsody-56.tar.gz
  4. tar xvf carl-rhapsody-56.tar
  5. This will leave you with a new folder called cryanc with the binaries, so cd cryanc
  6. If your installation of Rhapsody shares an IP address with MacOS, then start carl, Crypto Ancienne's combination client and proxy, listening to localhost with ./micro_inetd 8765 ./carl -p and skip to step 8.
  7. If your installation of Rhapsody has a different IP address than MacOS, then you may need to listen to all interfaces. You should be careful if your system is publicly accessible as others may be able to proxy through you. Start carl on all interfaces with ./micro_inetd_any 8765 ./carl -p
  8. Start Classilla under MacOS, and skip to the section on Configuring and Using Classilla below.

Installing Crypto Ancienne on a Separate Machine

The steps to do so will depend on the specific operating system and compiler. See Crypto Ancienne's Github page for supported operating systems and further information. You should not use it on a system that is not on your local network, and the machine you install it on should not allow connections from outside hosts. Note the local IP address for the next section.

Configuring and Using Classilla

Now that Crypto Ancienne is installed and carl is listening, Classilla must be configured to use it.

  1. With Classilla started, go to about:config and set network.http.proxy.use-http-proxy-for-https to true. This instructs Classilla to send unencrypted requests for encrypted resources to the proxy. This setting must be false for any other HTTP proxy.
  2. Go to Classilla's Preferences window. Under Advanced > Proxies, enter localhost and 8765 for the host and port numbers for "SSL Proxy." If you are using a separate machine, or your Rhapsody installation is using a different IP address, then substitute it for localhost. You can leave "HTTP Proxy" blank unless you want to also proxy unencrypted traffic through carl, which is supported (in that case, use the same values there). Click "OK."
  3. Access any URL starting with https:// and Classilla will forward the request to carl, which will handle the encryption. Note that the padlock icon never shows the connection is secure because technically it isn't (the connection between Classilla and carl is unencrypted, but if the connection is via localhost, by definition it can't be intercepted). As a result, in this configuration Classilla also cannot verify certificates or server identities.
  4. To halt carl, change back to the Terminal window or Power MachTen's console and press CTRL-C. The listener process will stop. This will not harm Classilla, but it will not be able to access any TLS resource (or, if proxying them, HTTP resource) until carl has been restarted or the settings above are reverted.

Power MachTen users may wish to consider keeping Power MachTen files on a different volume from Classilla to guard against corruption if a system crash occurs. Periodically backing up the FFS volumes is also recommended.

Do not file bugs on Classilla's TLS support against Crypto Ancienne. They will be marked as invalid.