Out of curiosity, I just installed Opera 12, the last release for FreeBSD and it works really well for being 7 years old. I had to symlink /usr/local/lib/libfreetype.so to /usr/local/lib/libfreetype.so.9, but that doesn’t seem to cause any problems.
Some issues I’ve encountered after ~10 minutes of browsing:
Lobste.rs initially gave a “Handshake failed because the server does not want to accept the enabled SSL/TLS protocol versions.” error, which is actually explained on the error page. I enabled all of the security protocols in the settings and restarted, and it seems to work with TLS 1.2 now, and I’m typing this message in it.
Some fields on Github’s new code view page show as empty rectangles. Specifically the last commit messages and the last modified dates.
Some sites (reuters, NYTimes) have a big pause the first time they load. Maybe the JS is running synchronously and blocking the main thread?
The reuters.com main page displays fine, but images don’t show up after clicking through to the articles. This is almost certainly due to the javascript slide-show they use.
Some HTTPS sites just refuse to load, I suspect they’re using TLS>1.2. Opera only exposes a UI to enable TLS up to 1.2, but maybe there’s workaround editing INI files directly…
Wikipedia redirects every page to a “Your Browser’s Connection Security is Outdated” page
If it weren’t for the HTTPS issues, I’d say it’s still usable for day to day browsing - at least for me.
Edit: After browsing around a bit longer, I’ve gotten a few random crashes. Maybe something to do with the freetype library hack? In any case, it’s nice enough to bring up a crash dialog that offers to restart with the last set of tabs open and unlike the “Firefox needs to update and restart” dialog, Opera actually restarts with the tabs open.
Well, I guess there is an option of using a MITM proxy in front of the browser. I think Squid has an option to install a proxy CA in the browser and craft certificates that have the same «verification status» but relative to a different CA.
Do you have any resources on setting up Squid to effectively downgrade TLS? Last I looked into it, I couldn’t seem to make Squid do what I wanted to from reading their documentation.
I never got around to set this up as my real-browser usage went a bit down and domain-based blocking works well enough.
Current Squid Wiki seems to imply it negotiates protocol details independently with client and server; apparently (looking at Stack Exchange) by enforcing bump on the step 1 (in the very beginning) it worked a few years ago, but did not mimick the certificate status properly.
I’ve disabled TLS 1.3 in my Firefox (it does 1.2 only). I’ve been browsing like this for over a year, but I’ve never hit a site that refused to load because of this. Maybe Opera is missing some cipher suites in TLS 1.2?
Out of curiosity, I just installed Opera 12, the last release for FreeBSD and it works really well for being 7 years old. I had to symlink /usr/local/lib/libfreetype.so to /usr/local/lib/libfreetype.so.9, but that doesn’t seem to cause any problems.
Some issues I’ve encountered after ~10 minutes of browsing:
If it weren’t for the HTTPS issues, I’d say it’s still usable for day to day browsing - at least for me.
Edit: After browsing around a bit longer, I’ve gotten a few random crashes. Maybe something to do with the freetype library hack? In any case, it’s nice enough to bring up a crash dialog that offers to restart with the last set of tabs open and unlike the “Firefox needs to update and restart” dialog, Opera actually restarts with the tabs open.
Pretty sure O12 predates TLS 1.3 (at least the current spec), so I think 1.2 is the best you’re going to get.
Well, I guess there is an option of using a MITM proxy in front of the browser. I think Squid has an option to install a proxy CA in the browser and craft certificates that have the same «verification status» but relative to a different CA.
Do you have any resources on setting up Squid to effectively downgrade TLS? Last I looked into it, I couldn’t seem to make Squid do what I wanted to from reading their documentation.
I never got around to set this up as my real-browser usage went a bit down and domain-based blocking works well enough.
Current Squid Wiki seems to imply it negotiates protocol details independently with client and server; apparently (looking at Stack Exchange) by enforcing bump on the step 1 (in the very beginning) it worked a few years ago, but did not mimick the certificate status properly.
Nice experiment!
I’ve disabled TLS 1.3 in my Firefox (it does 1.2 only). I’ve been browsing like this for over a year, but I’ve never hit a site that refused to load because of this. Maybe Opera is missing some cipher suites in TLS 1.2?
I miss old Opera. Current Mozilla is the best alternative for the time-being.
But now we have https://beakerbrowser.com/
EDIT: silly me, should have at least scrolled to the bottom before commenting
“They tried and failed?”
“They tried and died.”