setting up apache2 (or squid) to serve as an SSL/TLS proxy for older systems? ==> Works Great!

Fri Dec 18 22:45:06 UTC 2020

Little note, if you use the fixed weather dashboard widget, please follow the instructions in the readme to add your own API key. I was just looking at Cloudflare's logs last night, and the widget is definitely going to go over the HERE API's limit for free accounts. I'm actually surprised it hasn't already.

On Dec 18, 2020, at 5:26 PM, Ken Cunningham <ken.cunningham.webuse at gmail.com> wrote:

> and as an added bonus, I see you’ve fixed the weather widget too!
> 
> Ken
> 
>> On Dec 18, 2020, at 2:09 PM, Ken Cunningham <ken.cunningham.webuse at gmail.com> wrote:
>> 
>> I installed your DMG version of the setup on a clean 10.6.8 machine I had sitting.
>> 
>> It works just great! That is exactly the kind of fix I was wondering about, and you’ve put together a great little installer.
>> 
>> 
>> With your squid proxy running, the old original Safari browser registers as showing all current SSL capability at <https://howsmyssl.com>.
>> 
>> MacPorts’ port command can download software from high-security SSL sites like github without any trouble:
>> 
>> eg.
>> 
>> sudo port clean —all ninja
>> sudo port -d fetch —no-mirror ninja
>> 
>> now works perfectly with the squid proxy enabled,
>> 
>> --->  Fetching distfiles for ninja
>> DEBUG: elevating privileges for fetch: euid changed to 0, egid changed to 0.
>> DEBUG: dropping privileges: euid changed to 503, egid changed to 501.
>> DEBUG: Executing org.macports.fetch (ninja)
>> --->  ninja-1.10.2.tar.gz does not exist in /opt/local/var/macports/distfiles/ninja
>> --->  Attempting to fetch ninja-1.10.2.tar.gz from https://github.com/ninja-build/ninja/archive/v1.10.2
>> % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
>>                                Dload  Upload   Total   Spent    Left  Speed
>> 0   126    0     0    0     0      0      0 --:--:--  0:00:01 --:--:--     0
>> 126   126  126   126    0     0     85      0  0:00:01  0:00:01 --:--:--   264
>> 100  208k  100  208k    0     0    98k      0  0:00:02  0:00:02 --:--:—   98
>> 
>> 
>> and fails as always when it is not enabled.
>> 
>> --->  Fetching distfiles for ninja
>> DEBUG: elevating privileges for fetch: euid changed to 0, egid changed to 0.
>> DEBUG: dropping privileges: euid changed to 503, egid changed to 501.
>> DEBUG: Executing org.macports.fetch (ninja)
>> --->  ninja-1.10.2.tar.gz does not exist in /opt/local/var/macports/distfiles/ninja
>> --->  Attempting to fetch ninja-1.10.2.tar.gz from https://github.com/ninja-build/ninja/archive/v1.10.2
>> 
>> % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
>>                                Dload  Upload   Total   Spent    Left  Speed
>> 0     0    0     0    0     0      0      0 --:--:--  0:00:01 --:--:--     0DEBUG: Fetching distfile failed: error:1407742E:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert protocol version
>> Error: Failed to fetch ninja: error:1407742E:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert protocol version
>> 
>> 
>> 
>> I don’t 100% understand all the inner workings — I noticed that calling the old curl in /usr/bin did not work to download the same file for some reason:
>> 
>> $ /usr/bin/curl -O https://github.com/ninja-build/ninja/archive/v1.10.2/ninja-1.10.2.tar.gz
>> 
>> curl: (35) error:1407742E:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert protocol version
>> 
>> 
>> 
>> But that is looking like minor stuff.
>> 
>> We’ve been struggling for a while now to provide a capable port command (and other commands) to software that will allow a current SSL to work. Looks like you’ve really hit the ball out of the park with this one.
>> 
>> Thanks,
>> 
>> Ken
>> 
>> 
> 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.macports.org/pipermail/macports-users/attachments/20201218/c6067294/attachment.htm>