It looks[1] like Squid can do SSL Interception. I imagine it should be possible, therefore, for squid to perform the HTTPS connection and either downgrade it to HTTP or to re-encrypt it with a lower grade. YMMV
[1] http://wiki.squid-cache.org/Features/HTTPS On 13/04/17 18:01, Greg Wooledge wrote: > On Thu, Apr 13, 2017 at 11:54:32AM -0500, Martin McCormick wrote: >> This started out a year or so ago with the occasional site in >> which lynx would report that it was unable to establish a TLS >> connection with this or that site. [...] > It's not just lynx. It's EVERY single terminal-based browser, and > as you noticed, it gets worse every day. > > Apparently all of the terminal-based browsers in wheezy and jessie are > linked with libgnutls instead of libopenssl, and libgnutls (at least as > provided by jessie) is completely incapable of forming an SSL connection > with half of the Web. > > Every time someone in IRC pastes an https://* link, it's a roll of the > dice whether I'll be able to open it in elinks. https://paste.debian.net/ > is one example of a site that does not work. If you remove the 's' > and just go to http://paste.debian.net/ it's fine. > > Most other paste sites don't offer a working option like that. >
