Ask HN: Is it possible to strip SSL and serve plain HTTP to local browsers?

2 points by forgotmypw17 ↗ HN
I regularly have problems accessing content due to various SSL problems, such as expired certificates, mis-matched subdomains, clock offsets, etc.

I'd like to run some kind of proxy which presents as plaintext HTTP to my browser, and goes out and gets content from the HTTPS equivalent of the same site, ignoring all SSL errors. Does anyone know if this is possible?

I am not too concerned about MITM attacks and security in general, because I browse reputatable sites through a reputable ISP in a VM.

6 comments

[ 3.0 ms ] story [ 27.0 ms ] thread
You might try with nginx acting as a reverse proxy
Assuming you use Google Chrome, you can start it with a few flags that make it ignore all SSL errors, this will be the "easier" solution than setting up a reverse proxy.

  chrome-wrapper --ignore-certificate-errors --test-type
Otherwise a reverse proxy like Apache, HAProxy, or nginx would work.

Now, instead of doing any of that, you should maybe try and figure out why you're having so many TLS issues where other people do not.

I use at least 30 different browsers, Chrome being one of the least frequent.

This helps, however. Thank you.

I don't think I have an unusual amount of TLS issues per site browsed, I just browse many sites.

For example, today wikiless.org's certificate is expired, and I cannot ignore the error in Waterfox because of HSTS, unless I "forget about this site", which removes all my History entries.

I would estimate that I have about one issue per 100 sites browsed, which adds up.

I am using nginx as an reverse proxy. depending if its an local or public domain, i use my step-ca acme server or letsencrypt. dehydrated is used to regularly update the certs and i had only problems with devices without my ca.