Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

XaPHER

macrumors 6502
Original poster
Oct 13, 2010
280
180
Not coming here often, though I just felt like sharing some of my experience about the new further deprecation of TLS 1.1 and below that many significant websites adopted.

Given how much attention has been paid to OS X for PowerMacs since 2010, it doesn't make that much of a difference on leopard and tiger when it comes to just web browsing. In contrast, Classilla 9.3.3 has been badly injured by this. For example I can no longer connect to any of WikiMedia's domains I regularly used (Wikipedia, wiktionary, etc), nor most non-google search engines (alas, duckduckgo) using Classilla since it connects to https using TLS 1.0 and below. †††††

This hit Webkit-based OS X browsers as well. The system frameworks in 10.4 and 10.5 support up to TLS 1.0. iCab, Safari, Stainless, Roccat and others can get an updated security framework by means of leopard-webkit recent versions. At this point it enables support for TLS up to 1.2. That said, some "webkit shells" browsers are left out by this because they do not directly link or interact with the security framework and leave it to other system frameworks. Among others, Fluid instances, Sunrise, (IIRC) demeter/shiira, and likely web pages displayed within the dashboard behave this way.

It also means once google/youtube follows this trend, quicktime and other OS X-native players won't read videos directly from a youtube URL anymore (except rtsp:// as far as it goes).

What about omniweb?

There's another webkit browser that doesn't get relinked by the leopard-webkit droplet for different reasons: OmniWeb. It has its own custom webkit, webcore, javascriptcore integrated inside its .app package. In terms of overall out-of-the-box feature set and light footprint, OmniWeb still is my rank #1. It has extensive per-site preferences, ad-blocking, a very responsive UI, starts up ridiculously fast, (to me) feels more OS X-native than safari, and is badly out-of-date with current web standards. The droplet refuses to relink OmniWeb to leopard-webkit, but if it just loads the security framework from lepWK it will support TLS 1.2 as well.

Relinking

Do not do this on 10.4:

It doesn't even require manual relinking with install_name_tool : OmniWeb has a mechanism that prioritizes loading from its own frameworks folder before /System/Library/Frameworks/. Just use an already relinked application LepWK and go to application LepWK.app/Contents/frameworks/ , then copy security.framework, libgcc_s.1.dylib, libstdc++.6.dylib and libsqlite3.dylib to OmniWeb.app/Contents/frameworks/.

Note: Don't use the security.framework inside webkit.app, it won't load properly; use a relinked app.

This way, Github, which has been TLS 1.2+ only for a while should connect and load:
Picture 6.png

The Tenfourfox Github repository page, very poorly rendered in omniweb

Why would I use OmniWeb if it won't render a single page correctly?

Up to you. It's definitely not suitable for every use but, once javascript and GIF images animation are disabled, it's ridiculously fast and responsive. You can control your user agent and much more on a per-site basis. To me it's a decent feature-rich www browser for lightweight use. Many pages will render incorrectly or won't render at all, but in the end I don't mind. As long as I can navigate them(which is the case for github). Avoid untrusted sites, don't submit personal/login information, disable cookies by default, keep javascript off, use Tenfourfox otherwise. I like old school websites more of course. Gopher support is also nice to have!

Tip: https://duckduckgo.com/lite renders perfectly using omniweb.

Just a "doing whatever I can to browse the web on my powermacs with ease"
 
Last edited:

alex_free

macrumors 65816
Feb 24, 2020
1,093
2,335
Not coming here often, though I just felt like sharing some of my experience about the new further deprecation of TLS 1.1 and below that many significant websites adopted.

Given how much attention has been paid to OS X for PowerMacs since 2010, it doesn't make that much of a difference on leopard and tiger when it comes to just web browsing. In contrast, Classilla 9.3.3 has been badly injured by this. For example I can no longer connect to any of WikiMedia's domains I regularly used (Wikipedia, wiktionary, etc), nor most non-google search engines (alas, duckduckgo) using Classilla since it connects to https using TLS 1.0 and below. †††††

This hit Webkit-based OS X browsers as well. The system frameworks in 10.4 and 10.5 support up to TLS 1.0. iCab, Safari, Stainless, Roccat and others can get an updated security framework by means of leopard-webkit recent versions. At this point it enables support for TLS up to 1.2. That said, some "webkit shells" browsers are left out by this because they do not directly link or interact with the security framework and leave it to other system frameworks. Among others, Fluid instances, Sunrise, (IIRC) demeter/shiira, and likely web pages displayed within the dashboard behave this way.

It also means once google/youtube follows this trend, quicktime and other OS X-native players won't read videos directly from a youtube URL anymore (except rtsp:// as far as it goes).

What about omniweb?

There's another webkit browser that doesn't get relinked by the leopard-webkit droplet for different reasons: OmniWeb. It has its own custom webkit, webcore, javascriptcore integrated inside its .app package. In terms of overall out-of-the-box feature set and light footprint, OmniWeb still is my rank #1. It has extensive per-site preferences, ad-blocking, a very responsive UI, starts up ridiculously fast, (to me) feels more OS X-native than safari, and is badly out-of-date with current web standards. The droplet refuses to relink OmniWeb to leopard-webkit, but if it just loads the security framework from lepWK it will support TLS 1.2 as well.

Relinking

Do not do this on 10.4:

It doesn't even require manual relinking with install_name_tool : OmniWeb has a mechanism that prioritizes loading from its own frameworks folder before /System/Library/Frameworks/. Just use an already relinked application LepWK and go to application LepWK.app/Contents/frameworks/ , then copy security.framework, libgcc_s.1.dylib, libstdc++.6.dylib and libsqlite3.dylib to OmniWeb.app/Contents/frameworks/.

Note: Don't use the security.framework inside webkit.app, it won't load properly; use a relinked app.

This way, Github, which has been TLS 1.2+ only for a while should connect and load:
View attachment 904111
The Tenfourfox Github repository page, very poorly rendered in omniweb

Why would I use OmniWeb if it won't render a single page correctly?

Up to you. It's definitely not suitable for every use but, once javascript and GIF images animation are disabled, it's ridiculously fast and responsive. You can control your user agent and much more on a per-site basis. To me it's a decent feature-rich www browser for lightweight use. Many pages will render incorrectly or won't render at all, but in the end I don't mind. As long as I can navigate them(which is the case for github). Avoid untrusted sites, don't submit personal/login information, disable cookies by default, keep javascript off, use Tenfourfox otherwise. I like old school websites more of course. Gopher support is also nice to have!

Tip: https://duckduckgo.com/lite renders perfectly using omniweb.

Just a "doing whatever I can to browse the web on my powermacs with ease"

PowerPC Media Center can download any URL including TLS 1.3 only ones, on Panther-Snow Leopard since it is linked against the latest OpenSSL 1.1.1f and uses the newest Mozilla certs for cURL.

Could help anyone out that just needs an html page or a specific file that is only accessible over TLS 1.3 connections.
 

BurntSourdough

macrumors newbie
Apr 6, 2020
10
0
I haven't been able to use OmniWeb in years. The SSL certificates on many sites won't allow it. When it did work when I ran benchmark tests it was faster than any other browser.
 

wicknix

macrumors 68030
Jun 4, 2017
2,623
5,307
Wisconsin, USA
Interesting. Other than the nag screen, i really like icab relinked to lwk. It seems to me it renders quicker than safari/lwk, and has boatloads of options as well. I gave it a chrome UA (renders github perfectly), and a chrome icon. However for general browsing on Leopard i use IceWeasel-PPC. ;)

Cheers

icab-lwk-chrome-ua.png
 
Last edited:
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.