Re: Shimming HTTP to HTTPS.
Appears that the less-than and greater-than signs were replaced with
the null character. I'm not sure why but will try to prevent henceforth.
The In-reply-to and References above should be right except that there
is no magnifying glass link. This is email. Not HTML.
* From: Reco
* Date: Thu, 18 Jul 2019 10:13:58 +0300
> Shorewall is a frontend to netfilter kernel subsystem.
> It can do all kinds of things as long as they do not exceed L4 (as in
> OSI L4, transport layer). What you want to do is to apply a
> transformation to L7 (application layer), and that's something that
> netfilter cannot do.
OK, good. In case anyone is interested, this is from
https://en.wikipedia.org/wiki/Transport_Layer_Security .
"TLS and SSL do not fit neatly into any single layer of the OSI model
or the TCP/IP model.[8][9] TLS runs "on top of some reliable transport
protocol (e.g., TCP),"[10] which would imply that it is above the
transport layer. It serves encryption to higher layers, which is
normally the function of the presentation layer. However, applications
generally use TLS as if it were a transport layer,[8][9] even though
applications using TLS must actively control initiating TLS handshakes
and handling of exchanged authentication certificates.[10]"
There are two kinds of browser here. (1) Firefox and dillo which handle
HTTP and HTTPS properly. (2) The Oberon browser which currently handles
only HTTP.
So this is the problem which interests me.
When firefox or dillo requests any URL, process it as usual.
When the Oberon browser requests a HTTP URL, process it as usual.
When the Oberon browser requests a HTTPS URL, divert it and apply TLS.
Not obvious how these three cases should be separated but this is an
idea. For Oberon HTTPS I choose a private port which won't interfere
with anything else. 65535 for example. To open a HTTPS page with
Oberon, request this URL: HTTP://<domain>:65535/<path>. In the host
system, where the Oberon browser is running, set up a proxy to
intercept traffic to 65535 and apply TLS.
Any sense in that? Further tips welcome of course.
Thanks, ... P.
--
https://en.wikibooks.org/wiki/Oberon
Tel: +1 604 670 0140 Bcc: peter at easthope. ca
Reply to: