Certificates in Icab & Classilla

[petermyersaus]

Icab and Classilla waste my time with messages such as

"The Certificate of the Server is not valid" (iCab)

"Unable to verify the identity of [webpage] as a trusted site" (Classilla).

"[browser] does not have the Certificate for [webpage]"

In each case, I have to click a response box. Sometimes there are 2 or 3 such messages for a particular webpage.

Have I got these browsers set up wrongly? But I can't see anything in the Preferences which would cause this.

Any tips?

[GaryN]

Regarding Classilla:  https://code.google.com/archive/p/classilla/wikis/AAATheFAQ.wiki

From the above:
*******************************
Does Classilla support TLS or SSL?

Classilla supports TLSv1, SSLv2 and SSLv3. Of the three, TLS is the most preferred and highest level of security, while SSL is an older encryption technology predating TLS. SSLv2 is no longer secure and should no longer be used; it is disabled by default starting in Classilla 9.3.3 and will be removed completely in a future version. SSLv3 is still available but is considered deprecated due to intrinsic flaws in the protocol and will be disabled by default in a future version. In addition, "export-only" low-key-length symmetric ciphers are also considered deprecated and will be disabled by default in a future version.

Classilla does support TLSv1, but versions prior to 9.3.3 did not support certain features which may cause sites to renegotiate SSLv3. In 9.3.3, support for Server Name Indication (SNI) was added, which improves verification of certain secure websites.

Classilla's encryption package does not currently include higher performance elliptic curve support, but does support regular Diffie-Hellman exchange for forward secrecy. For example, DHE-RSA-AES256-SHA is fully supported.

Some secure websites give me an error -8182.

These sites use SHA-256 certificates for TLS. This support was added in Classilla 9.3.3.

Some secure websites give me a dialogue box saying the site could not be verified.

Classilla allows you to override certain checks on certificate identity when you know or trust that the network and site you're connecting to have not been compromised. For example, if the domain name is slightly different, or the certificate is recently expired, you may receive this box but the certificate may still be perfectly safe to accept temporarily. You receive this box if the certificate name differs, the certificate is expired, it is signed by a certificate authority you don't currently accept, or, starting in 9.3.3, if the certificate is signed with an algorithm that Classilla does not yet understand.

With the added support in 9.3.3 and later versions, this situation should be much less common. If it occurs, you should examine the certificate carefully and decide what to do and how long you want the exception to last. There is no good rule of thumb on when this is safe to do, although a site that used to work and suddenly fails to work, especially on a different network, should be considered an indication your connection is not safe. Remember: if you override a certificate check, you are telling Classilla that verification is not required or possible, which may cause you to send information to an unauthorized third party which is masquerading as the trusted site. Be cautious when approving these requests.

**************************************

icab issues are similar.

These are old browsers that seldom get updated to the ever-changing new world. There are many new security protocols in use today that did not even exist when these were current. Some certificate updates are possible, others not so much. The internet is in many ways like a public toilet…there are many nasty things lurking that you shouldn't touch, and some folks are doing their level best to put those things on you.

Bottom line, security alerts from old browsers go with the territory. How many of them you get is directly related to how far off the beaten path you go. If you feel they're "wasting your time", either ignore them or use a more up-to-date system on the net. Personally, I'd recommend the latter.

[mrhappy]

The internet is in many ways like a public toilet

And don't forget to flush!!

Nice explanation Gary!

[Protools5LEGuy]

We have a problem with the old 9.2.3 version included in Complete DAW Restore with Cubase VST/32 with Pre-Authorized Virtual Instuments & FX.

It can't download 9.3.3 from the sourcecode servers...

Let's see what happens when downloading from our servers.

[Protools5LEGuy]

Sorry, but I were on a non OS9 machine

[Protools5LEGuy]

Eureka!    Our server is more patronizing than SourceForge. We all should get from this post 9.3.3 to update 9.2.3

[Roman323]

But can’t these new methods be added to the browsers we have for OS 9, such as Netscape ?

[GaryN]

But can’t these new methods be added to the browsers we have for OS 9, such as Netscape ?

In the real world, no. The biggest problem now is that everything is heavily encrypted. Seriously… you send the digit "5" and it gets turned into NCKE83G6OGM or similar. 32-bit encryption became 64-bit which became 128-bit and on and on. Teaching old browsers to handle this stuff would require enormous amounts of new code inserted into browsers nobody even has the code for anymore. Then, even it you somehow could, anything less then G4 duals would c r a a a w l . That's before you even address the enormous amounts of junk script stuffed into every web page to make sure they can follow you around while you buy all the stuff they shove in your face. Then there's playing catch-up with all the certs…a full-time job in itself. Is that enough? There's still more…

Cameron tried hard with Classilla, he really did but even he had to throw in the towel. TenFourFox is hanging by a thread and it all he can do to keep it from falling too. This is the world we live in.

[Bolkonskij]

Yeah, that pretty much sums up the situation. Of course it *could* be possible. Look at the Amiga fans who develop their own browser (iBrowse). It'll even work on 68k Amigas - with SSL. (albeit no Javascript yet).

A big BUT - they actually *sell* the browser in order to finance development. That would never work with Mac users. From various MorphOS discussions on Apple groups I get the impression everyone expects someone™ to spend hours coding for free. (that rule applies only to others of course - they themselves always do want to get full pay).

So good luck finding that someone™. Especially since the ones with the skills of coding a browser are sought-after specialists that can make a lot of money. Why would you spend your time coding for people who wouldn't even leave a "thank you"?

Add the fact that the Mac OS community is much much smaller than e.g. the Amigans and you know there's not going to happen much. We still fiddling with our aging original hardware and don't even have a FPGA-based hardware replacement like the Amigans, Atari fans and others already have. That's something I'd love to see done before we're even thinking about a modern browser because our hardware doesn't get any younger.

Apart from the hardware issue, I for one believe that for the forseeable future our hope lies in gateway services. They will do server-side magic (e.g. scraping news pages and delivering the results unencrypted in plain html on a news page that'll work with IE 5.x too.)

I feel that's what we should focus on. Granted, you won't be able to do your Online Banking with OS9 again, but at least you should be able to use certain features again. Like the image uploader at the Mac Garden is a great example.

[IIO]

it is pointless to try to update classilla because almost nobody uses it. we should be happy with all the years of free support by the project and let go browsing html.

[Roman323]

Yeah, that pretty much sums up the situation. Of course it *could* be possible. Look at the Amiga fans who develop their own browser (iBrowse). It'll even work on 68k Amigas - with SSL. (albeit no Javascript yet).

A big BUT - they actually *sell* the browser in order to finance development. That would never work with Mac users. From various MorphOS discussions on Apple groups I get the impression everyone expects someone™ to spend hours coding for free. (that rule applies only to others of course - they themselves always do want to get full pay).

So good luck finding that someone™. Especially since the ones with the skills of coding a browser are sought-after specialists that can make a lot of money. Why would you spend your time coding for people who wouldn't even leave a "thank you"?

Add the fact that the Mac OS community is much much smaller than e.g. the Amigans and you know there's not going to happen much. We still fiddling with our aging original hardware and don't even have a FPGA-based hardware replacement like the Amigans, Atari fans and others already have. That's something I'd love to see done before we're even thinking about a modern browser because our hardware doesn't get any younger.

Apart from the hardware issue, I for one believe that for the forseeable future our hope lies in gateway services. They will do server-side magic (e.g. scraping news pages and delivering the results unencrypted in plain html on a news page that'll work with IE 5.x too.)

I feel that's what we should focus on. Granted, you won't be able to do your Online Banking with OS9 again, but at least you should be able to use certain features again. Like the image uploader at the Mac Garden is a great example.

Well, if not internet, can email still work ? I tried to enter my gmail and hotmail settings and outlook express did not work - tried under classila and it didn't work. I really miss the internet of 1999/2000/2001 when things were so simple. OS 9 had no issues with accessing the internet back then. I also notice that even Tiger has issues with websites. Really, Steve could have let development continue with 9 at least till like 2010 or something. It didn't get the life it deserved. Just my opinion of course.

[Roman323]

Yeah, that pretty much sums up the situation. Of course it *could* be possible. Look at the Amiga fans who develop their own browser (iBrowse). It'll even work on 68k Amigas - with SSL. (albeit no Javascript yet).

A big BUT - they actually *sell* the browser in order to finance development. That would never work with Mac users. From various MorphOS discussions on Apple groups I get the impression everyone expects someone™ to spend hours coding for free. (that rule applies only to others of course - they themselves always do want to get full pay).

So good luck finding that someone™. Especially since the ones with the skills of coding a browser are sought-after specialists that can make a lot of money. Why would you spend your time coding for people who wouldn't even leave a "thank you"?

Add the fact that the Mac OS community is much much smaller than e.g. the Amigans and you know there's not going to happen much. We still fiddling with our aging original hardware and don't even have a FPGA-based hardware replacement like the Amigans, Atari fans and others already have. That's something I'd love to see done before we're even thinking about a modern browser because our hardware doesn't get any younger.

Apart from the hardware issue, I for one believe that for the forseeable future our hope lies in gateway services. They will do server-side magic (e.g. scraping news pages and delivering the results unencrypted in plain html on a news page that'll work with IE 5.x too.)

I feel that's what we should focus on. Granted, you won't be able to do your Online Banking with OS9 again, but at least you should be able to use certain features again. Like the image uploader at the Mac Garden is a great example.

Here is another question - what if Steve did not pull the plug on OS 9 development and at least kept it going till say 2010 ? I think os 9 was pulled too soon. It could have existed alongside Mac OS X. Now, I am having issues trying to get email to work, at least I would be happy to check email through OS 9. Come to think of it, I don't remember checking my bank account on OS 9 back in 2000/2001. I miss those years when the internet was "normal" and not bloated like today. I also contributed to Kaiser for his keeping PowerPC Macs still going. Classila is supposed to get another update I think from what I read on the classila site.

[Bolkonskij]

1.) Why should Apple have kept Mac OS alive? As much as I'd wish, they wanted everyone to go OSX asap. Further OS9 support would only have been an obstacle towards this goal. Besides, Apple always had this "Slash and burn" attitude towards moving on. From the very beginning. Ask the Apple II folks ...

2.) E-Mail and OS9 work fine for me. Try the Classilla E-Mailer. I use it daily to check my e-mails from gmail (POP). If it doesn't work, check if your gmail settings allow for "unsecure POP connections" or something - assuming you're not trying IMAP. (the settings are to be found within your Gmail account - not the e-mail client)

3.) I LOVE the 2000's web as much as you do. That's why I created my two projects (see signature).

There are a couple of sites like these out there. I totally dig the idea of creating more and building our own Mac OS eco-system. From talking to the Mac Garden folks I know they're working on a redesign that will actually be made with Classilla (and even older browsers) in mind. So there you go! That's the approach we as Mac OS community should be taking. Go ahead and start your own project, Roman323! Everyone can help out ...

[IIO]

exactly. it is 2020 now and we should focus on what we can do in 2021, and not what somebody else might have done wrong in 2001.

in theory, the 7447a can run at up to 2,4 GHz. any takers?

[Knezzen]

2.) E-Mail and OS9 work fine for me. Try the Classilla E-Mailer. I use it daily to check my e-mails from gmail (POP). If it doesn't work, check if your gmail settings allow for "unsecure POP connections" or something - assuming you're not trying IMAP. (the settings are to be found within your Gmail account - not the e-mail client)

Just wanted to chime in that IMAP in Classilla with Gmail works just fine. It's what I have used with it for the last 10 years or so.
Still worked fine when I checked my mail using the TiBook this morning

[Roman323]

But can’t these new methods be added to the browsers we have for OS 9, such as Netscape ?

In the real world, no. The biggest problem now is that everything is heavily encrypted. Seriously… you send the digit "5" and it gets turned into NCKE83G6OGM or similar. 32-bit encryption became 64-bit which became 128-bit and on and on. Teaching old browsers to handle this stuff would require enormous amounts of new code inserted into browsers nobody even has the code for anymore. Then, even it you somehow could, anything less then G4 duals would c r a a a w l . That's before you even address the enormous amounts of junk script stuffed into every web page to make sure they can follow you around while you buy all the stuff they shove in your face. Then there's playing catch-up with all the certs…a full-time job in itself. Is that enough? There's still more…

Cameron tried hard with Classilla, he really did but even he had to throw in the towel. TenFourFox is hanging by a thread and it all he can do to keep it from falling too. This is the world we live in.

Well, I think the world should go back to 2000 web browsing.. There is no need for bloatness in the internet at all. Even my Mac Pro 2010 is SLOWWWWWWWWWW rendering lots of bloat out there. I spoke directly with Cameron and he hasn't abandoned Classila, just that it is taking a little longer than need be. Meanwhile, I am seeing others on youtube using classila and accessing sites like www.wikipedia.org with no issues. So, there is something going on. And I refuse to accept that its done because windows 98 and 2000 can still browse the modern web.. it just shows Apple lost, windows won. And I refuse to accept that.

[Roman323]

2.) E-Mail and OS9 work fine for me. Try the Classilla E-Mailer. I use it daily to check my e-mails from gmail (POP). If it doesn't work, check if your gmail settings allow for "unsecure POP connections" or something - assuming you're not trying IMAP. (the settings are to be found within your Gmail account - not the e-mail client)

Just wanted to chime in that IMAP in Classilla with Gmail works just fine. It's what I have used with it for the last 10 years or so.
Still worked fine when I checked my mail using the TiBook this morning

So, why won't outlook express 5 work ? For some reason its not working - gmail uses imap and I created a new email account with NO SECURITY and it still won't work. I tell it to goto 993 port imap.gmail.com - incoming, SSL and Encrypt Password. smtp settings: port 587 smtp.gmail.com and still its not working. Yes, It works on Cameron's Classila, however it won't work under outlook express 5 or Mulberry, or even Netscape's email client.

[GaryN]

Well, I think the world should go back to 2000 web browsing.. There is no need for bloatness in the internet at all. Even my Mac Pro 2010 is SLOWWWWWWWWWW rendering lots of bloat out there. I spoke directly with Cameron and he hasn't abandoned Classila, just that it is taking a little longer than need be. Meanwhile, I am seeing others on youtube using classila and accessing sites like www.wikipedia.org with no issues. So, there is something going on. And I refuse to accept that its done because windows 98 and 2000 can still browse the modern web.. it just shows Apple lost, windows won. And I refuse to accept that.

Jeez man, give it a rest already.

"Well, I think the world should go back to 2000 web browsing."
  Yeah…and I think we ought to go back to micro-mini skirts and hot pants but I'm not holding my breath waiting for that either.

"There is no need for bloatness in the internet at all."
  …because everything should be free, right? Face it: Ads suck but they existed before you or I were born, they took up entire pages in magazines and they'll continue as long as THEY are what pays for all of that "free" content.

"I spoke directly with Cameron and he hasn't abandoned Classila,"
  No, not abandoned… not officially. But as much of a fucking genius as he is, he's still human. He has a life and a wife. There is NO, repeat, NO practical way to bring Classilla into the 21st century without rewriting so much of it it might as well be a completely new browser. Find a lottery winner or the son of an oil sheik to pay for a development team to write and maintain a browser for a niche market of "obsolete" computer nerds (that's us) and I'm certain he'll be happy to assist.

"And I refuse to accept that its done because windows 98 and 2000 can still browse the modern web"
  Anybody who connects a Win 98 computer to the internet deserves all they get - and they WILL get much more than they want.

"it just shows Apple lost, windows won."
  No, Apple deprecated a seriously flawed (lovable, but flawed) operating system in favor of a more modern framework that could continue to evolve.
Maybe you've heard of it… it's called OSX. It works really, really well.

Look dude, I fucking LOVE OS9. I LOVE running my studio on "obsolete" hardware with "obsolete" software that somehow outputs a quality product you can't distinguish from the latest and greatest sixty-kinds-of-VST-compressors across 140 tracks DAWs. BUT…

I browse the damn internet with Firefox and Safari under Mojave.

Just because you CAN get on the freeway with your Model T doesn't mean you SHOULD.
You cannot keep up and you cannot expect everyone else to slow down to YOUR speed for YOUR convenience.

[Roman323]

Oh good news to report. i found a developer who goes by Witnicks I think on macrumors who can redesign and place the modern security protocols and TLS's into classila, however he told me he does not have any experience with OS 9, but if he can get it to work under 10.0-10.3.9 then it really doesn't matter, since classila under 9 will still work even though the security updates were added in OS X. Classila is backward compatible with earlier versions of OS X, minus Tiger of course.

Stay tuned..

[Mat]

Jeez man, give it a rest already.

I have to step in and assist Roman323 a little bit!
To argue agains the development the society and the IT business is doing is always of value. It reminds us that a lot of things are going wrong. The need of all the ads is not useful for us, as well as 90% of the stuff modern OSs are doing in the background, are of no value for us users, and do not improve our tools, that our computers always should be.

a seriously flawed (lovable, but flawed) operating system

Thats bullshit. Yes, 9 has some issues, but Unix is nothing that people at single workplaces need at all. Remember, it was Apple who needed some of the functionality of X (and those in cheapest possible ways, and in cooperation with Steve and usage of his Next), not the users. And those who can use Unix are fine with other Unix OS' as well. There was no need to go this direction, and no "flaw" of Mac OS 9 at all. And do not come along with the "missing memory protection", …

it's called OSX. It works really, really well.

No it does not, but you do not recognize it anymore. If you are still using 9 on a daily basis, as I do, you can see how useless most of Xs stuff is! I have two new experiances that again confirmed my last decades experiance with X.

1.) I have now sometimes to work at a G5 4x 2,5 with 16 GB Ram. And this machine is so damn slow with most stuff!. I could improve the experiance a lot in downgrading to 10.4, kicking spotlight and a bunch of other useless programs, but still I have to wait 5 times more than at a well installed 9 machine at 1 GHz. That means this machine feels 50 times slower than it should with 9! Why the hell do I have to wait 10 seconds until a file openes? Why do I have to watch a bouncing ball, when I paste 1 line of text? Why the hell are most concepts focused on presentation instead of workflow? No, X is a still a pain, and impudence. I still do not get why anybody ever accepted it and started to use it. The only cause why most people do not feel like this today, is that the hardware provides in the meantime nealy endless computing power for wasting.

2.) I had my first experiance with X 10.14, and beside the fact that its GUI is crap, its possibilities are only used by software that is bossing around the users. Program X needs internet access for updating, before you can close it. Program y likes to get access to some hardware, Program z needs veryfication as you are at the wrong place, … and so on. It was just a pain.

I browse the damn internet with Firefox and Safari under Mojave.

There is no cause why webbrowsing should not work perfectly at any 9 machine. It is just a cause of good programming. When I see what my MDD can do at (the still quite slow) LinuxMint PPC, there is no argument why it should not work with the much faster 9 as well. Especially if we would exclude all the ads in a wise way.