# TLS 1.2 support for Classilla 9.3.4b
Many current websites no longer support TLS 1.0, which is the maximum security protocol natively available in Classilla. However, the later TLS 1.2 protocol can be added to Classilla 9.3.4b using [Crypto Ancienne](https://oldvcr.blogspot.com/2020/11/fun-with-crypto-ancienne-tls-for.html), which can be run as a proxy from OS X running Classilla under Classic, from Rhapsody running Classilla under Mac OS, or from Power MachTen running concurrently with Classilla on MacOS itself. You can also set it up on another local machine. In this configuration, Crypto Ancienne does the encryption for Classilla as a proxy.

Although this page include step-by-step directions, you should have some basic working knowledge of typical Unix commands. This support is only available for Classilla 9.3.4b.

## Installing Crypto Ancienne under Mac OS X
A pre-built Rhapsody binary of Crypto Ancienne can run on any Power Mac running any Classic-capable version of Mac OS X. Source code is included for all tools.

1. Download [the binary archive for Rhapsody](gopher://gopher.floodgap.com/1/gopher/clients/mac/carl-rhapsody-56.tar.gz) from the Floodgap gopher server. Classilla can access Gopher URLs. Move the archive anywhere convenient as a location.
2. Start a Terminal window and change the directory to where you saved the archive. For example, if it was in your home directory, then type `cd ~`
3. `gunzip carl-rhapsody-56.tar.gz`
4. `tar xvf carl-rhapsody-56.tar`
5. This will leave you with a new folder called `cryanc` with the binaries, so `cd cryanc`
6. Start `carl`, Crypto Ancienne's combination client and proxy, listening to localhost with `./micro_inetd 8765 ./carl -p`
7. Start Classilla under Classic, and skip to the section on _Configuring and Using Classilla_ below.

## Installing Crypto Ancienne under Power MachTen
A pre-built binary of Crypto Ancienne can run on any Power Mac with [Power MachTen](http://www.tenon.com/products/machten/) 4.1.4 from Tenon Intersystems. It may work with earlier versions. It does not work with Professional MachTen, which is 68K only. Source code is included for all tools.

1. Download [the binary archive for Power MachTen](gopher://gopher.floodgap.com/1/gopher/clients/mac/carl-machten-414.tar.gz) from the Floodgap gopher server. Classilla can access Gopher URLs. Put the archive **in the root of the same volume where Power MachTen is installed**.
2. Start Power MachTen if it is not already running and log into the console. Change the directory to where you would like to install the binaries. For example, if you would like to place them in your home directory, then `cd ~`
3. `dfork //carl-machten-414.tar.gz carl-machten-414.tar.gz` (yes, two slashes)
4. `gunzip carl-machten-56.tar.gz`
5. `tar xvf carl-machten-56.tar`
6. This will leave you with a new folder called `cryanc` with the binaries, so `cd cryanc`
7. Start `carl`, Crypto Ancienne's combination client and proxy, listening to localhost with `./micro_inetd 8765 ./carl -p`
8. Start Classilla so that it is running simultaneously with Power MachTen, and skip to the section on _Configuring and Using Classilla_ below.

## Installing Crypto Ancienne under Rhapsody/Mac OS X Server v1.2
A pre-built Rhapsody binary of Crypto Ancienne can run on any Power Mac running Mac OS X Server v1.2 (Rhapsody 5.6). It may work with earlier versions. Source code is included for all tools.

1. Download [the binary archive for Rhapsody](gopher://gopher.floodgap.com/1/gopher/clients/mac/carl-rhapsody-56.tar.gz) from the Floodgap gopher server. Classilla can access Gopher URLs. Move the archive anywhere convenient as a location.
2. Start a Terminal window and change the directory to where you saved the archive. For example, if it was in your home directory, then type `cd ~`
3. `gunzip carl-rhapsody-56.tar.gz`
4. `tar xvf carl-rhapsody-56.tar`
5. This will leave you with a new folder called `cryanc` with the binaries, so `cd cryanc`
6. If your installation of Rhapsody shares an IP address with MacOS, then start `carl`, Crypto Ancienne's combination client and proxy, listening to localhost with `./micro_inetd 8765 ./carl -p` and skip to step 8.
7. If your installation of Rhapsody has a different IP address than MacOS, then you may need to listen to all interfaces. You should be careful if your system is publicly accessible as others may be able to proxy through you. Start `carl` on all interfaces with `./micro_inetd_any 8765 ./carl -p`
8. Start Classilla under MacOS, and skip to the section on _Configuring and Using Classilla_ below.

## Installing Crypto Ancienne on a Separate Machine
The steps to do so will depend on the specific operating system and compiler. See [Crypto Ancienne's Github page](https://github.com/classilla/cryanc) for supported operating systems and further information. You should *not* use it on a system that is not on your local network, and the machine you install it on should not allow connections from outside hosts. Note the local IP address for the next section.

## Configuring and Using Classilla
Now that Crypto Ancienne is installed and `carl` is listening, Classilla must be configured to use it.

1. With Classilla started, go to `about:config` and set `network.http.proxy.use-http-proxy-for-https` to `true`. This instructs Classilla to send *un*encrypted requests for encrypted resources to the proxy. **This setting must be `false` for any other HTTP proxy.**
2. Go to Classilla's Preferences window. Under Advanced > Proxies, enter `localhost` and `8765` for the host and port numbers for "SSL Proxy." If you are using a separate machine, or your Rhapsody installation is using a different IP address, then substitute it for `localhost`. You can leave "HTTP Proxy" blank unless you want to also proxy unencrypted traffic through `carl`, which is supported (in that case, use the same values there). Click "OK."
3. Access any URL starting with `https://` and Classilla will forward the request to `carl`, which will handle the encryption. Note that the padlock icon never shows the connection is secure because technically it isn't (the connection between Classilla and `carl` is unencrypted, but if the connection is via `localhost`, by definition it can't be intercepted). As a result, in this configuration Classilla also cannot verify certificates or server identities.
4. To halt `carl`, change back to the Terminal window or Power MachTen's console and press CTRL-C. The listener process will stop. This will not harm Classilla, but it will not be able to access any TLS resource (or, if proxying them, HTTP resource) until `carl` has been restarted or the settings above are reverted.

Power MachTen users may wish to consider keeping Power MachTen files on a different volume from Classilla to guard against corruption if a system crash occurs. Periodically backing up the FFS volumes is also recommended.

Do not file bugs on Classilla's TLS support against Crypto Ancienne. They will be marked as invalid.

.