Re: [Lynx-dev] TLS-"transport layer security" & LYNX

[Thorsten Glaser]

Mouse dixit:

>> go to for my work and it gets worse daily.
>
>Me too, but it's not lynx's fault in my case.

If it’s “getting worse daily” I suspect it’s the fault of all those
sites and CDNs now requiring TLSv1.1 or TLSv1.2 or an ECC ciphersuite.
I am hit hard by those as well.

There’s likely no way out except upgrading to LibreSSL or something.
But that’s an OS-wide issue, nothing lynx can help you with.

I admit having been a proponent of using HTTPS everywhere for quite
some time, but this nonsense (and insecurity; TLSv1.3 *mandates* SNI
which leaks the actual vhost you’re addressing to eavesdroppers just
because idiots can’t be arsed to use IPv6 instead of name-based vhosts
or shell over enough money for wildcard or multi-sAN certificates) is
more than just irritating (so I now continue offering https but won’t
force people to use it, except on actual login pages and such and the
confidential/user-specific data they generate).

>For example, I've had some failures trying to use lynx with various
>websites where all I get is a "403 Forbidden" nginx page.  I don't know
>what's wrong, but I see no reason to think it's lynx's fault.

These don’t seem to get more. They are the site administrators’
fault, although nginx seems to ship(? have shipped once?) a default
configuration that blocks “evil download bots” like lynx and GNU
wget. (Just when we thought those were a thing of the past, inci‐
dentally, this started. But then, I associate nginx with those new-
fangled “10x rockstar hipster developer” people, and _those_ are
known to repeat the mistakes of the past, ten times worse in some
cases.)

bye,
//mirabilos
-- 
21:12⎜<Vutral> sogar bei opensolaris haben die von der community so
ziemlich jeden mist eingebaut │ man sollte unices nich so machen das
desktopuser zuviel intresse kriegen │ das macht die code base kaputt
21:13⎜<Vutral:#MirBSD> linux war früher auch mal besser :D