Re: Shimming HTTP to HTTPS.

To: debian-user@lists.debian.org
Cc: peter@easthope.ca
Subject: Re: Shimming HTTP to HTTPS.
From: peter@easthope.ca
Date: Sun, 28 Jul 2019 09:17:21 -0700
Message-id: <[🔎] E1hrlrN-0002IM-Cf@joule.invalid>
In-reply-to: <[🔎] E1ho0c1-0001Rb-VB@enotuniq.net>
References: <[🔎] E1hnrXI-0001TD-UZ@dalton.invalid> <[🔎] E1ho0c1-0001Rb-VB@enotuniq.net>

Appears that the less-than and greater-than signs were replaced with 
the null character.  I'm not sure why but will try to prevent henceforth.

The In-reply-to and References above should be right except that there 
is no magnifying glass link.  This is email.  Not HTML.

*	From: Reco 
*	Date: Thu, 18 Jul 2019 10:13:58 +0300
> Shorewall is a frontend to netfilter kernel subsystem.
> It can do all kinds of things as long as they do not exceed L4 (as in
> OSI L4, transport layer). What you want to do is to apply a
> transformation to L7 (application layer), and that's something that
> netfilter cannot do.

OK, good.  In case anyone is interested, this is from  
https://en.wikipedia.org/wiki/Transport_Layer_Security .
"TLS and SSL do not fit neatly into any single layer of the OSI model 
or the TCP/IP model.[8][9] TLS runs "on top of some reliable transport 
protocol (e.g., TCP),"[10] which would imply that it is above the 
transport layer. It serves encryption to higher layers, which is 
normally the function of the presentation layer. However, applications 
generally use TLS as if it were a transport layer,[8][9] even though 
applications using TLS must actively control initiating TLS handshakes 
and handling of exchanged authentication certificates.[10]"

There are two kinds of browser here.  (1) Firefox and dillo which handle 
HTTP and HTTPS properly.  (2) The Oberon browser which currently handles 
only HTTP.

So this is the problem which interests me.
When firefox or dillo requests any URL, process it as usual.
When the Oberon browser requests a HTTP URL, process it as usual.
When the Oberon browser requests a HTTPS URL, divert it and apply TLS.

Not obvious how these three cases should be separated but this is an 
idea. For Oberon HTTPS I choose a private port which won't interfere 
with anything else.  65535 for example.  To open a HTTPS page with 
Oberon, request this URL: HTTP://<domain>:65535/<path>.  In the host 
system, where the Oberon browser is running, set up a proxy to 
intercept traffic to 65535 and apply TLS.  

Any sense in that?  Further tips welcome of course.

Thanks,                            ... P.

-- 
https://en.wikibooks.org/wiki/Oberon
Tel: +1 604 670 0140            Bcc: peter at easthope. ca

Reply to:

Follow-Ups:
- Re: Shimming HTTP to HTTPS.
  - From: Reco <recoverym4n@enotuniq.net>
- Re: Shimming HTTP to HTTPS.
  - From: David Wright <deblis@lionunicorn.co.uk>

References:
- HTTP shimmed to HTTPS; was Re: stunnel as transparent proxy.
  - From: peter@easthope.ca
- Re: HTTP shimmed to HTTPS; was Re: stunnel as transparent proxy.
  - From: Reco <recoverym4n@enotuniq.net>

Prev by Date: Re: Magnifying glass character, 🔎.
Next by Date: Re: Volume jumps to maximum during Youtube stream in epiphany ( gnome web)
Previous by thread: Re: HTTP shimmed to HTTPS; was Re: stunnel as transparent proxy.
Next by thread: Re: Shimming HTTP to HTTPS.
Index(es):
- Date
- Thread