How to get to old SSLv3 interfaces now that browsers are dropping it?

SSLv3 is broken, and you shouldn’t use it any more. However, there’s still lots of old hardware with embedded web interfaces that use it, like air conditioners, UPSs and other stuff. Essentially this hardware has been abandoned by their manufacturers, and there’s no hope of there being a firmware update for it.

At the same time browsers are dropping support for SSLv3, such as Firefox 39 (released 2015-07-02), and you can’t access your devices. One option, even worse than using SSLv3, is to disable SSL entirely and use clear, unencrypted HTTP, but you don’t want that. Instead, you can use a reverse proxy. On an internal webserver, we simply added these lines (these were for Apache 2.2):

Now when you go to https://internalwebserver/olddevice/ it will pass through your request, encrypted, to the old device and everything is fine. You can add as many as you need. Of course, you should be using TLS on this web server, or it’s all a bit of a waste of time. 🙂

Leave a Reply

Your email address will not be published. Required fields are marked *