Post by Eric Pozharski Post by Rich
As to whether you personally feel the protection against a slim
chance of a middleman trying to substitute the content is worth the
hassle of keeping one's ssl certs/library up to date is a question
only you can answer for yourself. I'll agree that there are many
examples where the pain seems not worth the effort.
My understanding this spirals pretty much from the start. If remote
(being it site's admin or package maintainer) decides to disable
anything below TLS1.3 then local can't just drop in replacement
libraries -- those aren't backward compatible; local can't just drop
in replacement libraries and the recompile userspace -- libraries
aren't backward compatible; and if local goes spot-upgrade then
something might manifest as not forward compatible (with Modern
Technologies(TM)). Just in case, talking from experience here (my
beloved elinks has been built seven years ago; I assure you, it's
Not sure I understand all of that but I *think* it reflects my
experience. Unable to connect to my local library with Firefox v.??
and Seamonkey (2.21) versions distributed with Slack 14.1.
Investigation reveals no overlap between the 37 cipher suites
supported by Seamonkey 2.21 and the 4 cipher suites supported by the
local library. NYTimes and a [name redacted] financial site, yes;
South Shore Regional Library, no, not secure enough. Email with the
library admins resulted in:
I've had techs look into this, and there is nothing on our side that
is configured in a way that should prevent use of the site. They have
identified two factors that might be impacting your use of the site:
1) your browser, via two contributing factors:
a) Seamonkey is an uncommonly used browser, and thus one not supported
by our network provider (they support the more well-known browsers
such as IE, Chrome, Safari, Firefox, etc.);
b) that the version of Seamonkey that you are using (Seamonkey 2.21)
is in the 'Old and Unofficial Releases' section of the
seamonkey-project.org website, so even if it was a supported browser
then that particular version would still not be on their supported list.
2) Based on the information you provided, it is also possible that
your network and computer configuration may be set up in an uncommon
manner that is impacting your use of the site.
At this time their recommendation is to install one of the more common
and supported web browsers.
Just an example of how HTTPS locks you in to endless upgrade on
someone else's schedule. Trying to figure out how to locally update
crypto libs, cert archives, possible patches etc. is a can of worms
I'm uninterested in.
Presently using Slack 14.2 and Seamonkey 2.40 that works fine.
Except I've given up on the library anyway. Their website author(s)
have striven to include as much graphic eye candy as possible (in a
rural region where many potential visitors are stuck with no broadband
of very pricey bits) and (what I take to be) a combo of js and
stylesheets aimed at kewl interactive features. Result is a dog's
Yeah, yeah, should word leak out that I've looked up _The 120 Days of
Sodom_, papers on surviving multiple venereal diseases or successful
uxorial poisonings.... well, I wasn't looking for a job anyhow. ;-)
Summary: "HTTPS everywhere" is a nice concept but the burden of
implementation at the bleeding edge isn't justified by the benefits.
Cranky ol' geezer,
Mike Spencer Nova Scotia, Canada