(The problem with SSL/TLS specifically is that if you even *allow* plaintext or broken-SSL connections, this immediately makes *everybody* vulnerable to downgrade attacks, even if they are using a device/browser/etc. that supports a modern and safe TLS stack)
@joepie91
An additional problem with proxies and SSL/TLS is surfacing the status of the remote certificate to the user.
IIRC one of the very few well-done solutions is Fudo Security's interceptor, which has two CAs, only one of which is trusted by clients, and it generates certificates for the sites it proxies to with the same dates as the remote certificate, signed by either of the CAs, depending on whether it itself recognises who signed the remote certificate.
@joepie91 https://github.com/atauenis/webone among others. I think this is the one the Macstodon author recommends for being online from antique Macs.