[#73] gopher over TLS (gophers) support

I've noticed there's no support for gopher over TLS, so I think it's a good idea to make an issue here for it to be supported.

saccomys implements it

I've been told it's just the same protocol with a layer of TLS on top.

#feature #gopher

🐞 Issue #73 in s/Lagrange-Issues

🍭 jmjl

Mar 02 · 7 months ago

7 Comments ↓

🦂 zzo38 · Sep 08 at 19:48:

The problem with Gopher over TLS is that the gopher menu format does not indicate if you should use TLS or not for a connection. A server can support both TLS and non-TLS, so a client that does not support TLS can still connect, but nevertheless if you want to use TLS, it would be helpful to specify the use of TLS. One way to work around this problem is to specify the use of TLS in the DNS record.

The advantage of Gopher over TLS is that virtual hosting is possible.

🕹️ skyjake [mod...] · Sep 09 at 04:01:

So, is there any sort of specification for Gopher-over-TLS? I don't really fancy writing support for anything that doesn't have a spec, even an informal one...

🦂 zzo38 · Sep 09 at 05:04:

As far as I know, the specification is nothing more than "Gopher-over-TLS", and that the URI scheme is "gophers:" instead of "gopher:". (I may be wrong, but that is all that it is as far as I am aware of. Anyone that knows otherwise should mention it.)

TLS and non-TLS can use the same port since the client sends first and it is unlikely that 0x16 is the first byte of any selector string.

As I mentioned, there are advantages and disadvantages. There are a few ways around the disadvantages (e.g. DNS, manual configuration by users, the server checking for TLS and changing the menus to work, etc), but in my opinion they won't be very good either.
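
Added example, not part of the thread and not code from Lagrange or any Gopher server: one way a server could serve TLS and plaintext on the same port, as the comment above describes, by peeking at the client's first bytes. All function names and sample bytes are constructed for illustration.

```python
import socket

TLS_HANDSHAKE = 0x16  # content type of the TLS record that carries ClientHello

def classify_first_bytes(buf: bytes) -> str:
    """Classify the first bytes a client sent: 'tls', 'gopher' or 'need-more'."""
    if not buf:
        return "need-more"            # client sends first, so keep waiting
    if buf[0] != TLS_HANDSHAKE:
        return "gopher"               # ordinary selector (or bare CRLF)
    if len(buf) < 3:
        return "need-more"            # 0x16 seen, record version not yet
    # TLS record header: type(1) | version(2) | length(2). The major version
    # byte is 0x03 for SSL 3.0 and every TLS version; the minor byte is small.
    if buf[1] == 0x03 and buf[2] <= 0x04:
        return "tls"
    return "gopher"                   # a selector that merely starts with 0x16

def sniff(conn: socket.socket) -> str:
    """Peek, so the TLS stack or Gopher handler still sees every byte."""
    return classify_first_bytes(conn.recv(5, socket.MSG_PEEK))

def sniff_constructed(first_bytes: bytes):
    """Offline demo: push constructed client bytes through a socketpair."""
    client, server = socket.socketpair()
    try:
        client.sendall(first_bytes)
        verdict = sniff(server)
        return verdict, server.recv(len(first_bytes))  # nothing was consumed
    finally:
        client.close()
        server.close()

# Constructed samples, not captured traffic.
CLIENT_HELLO_START = bytes([0x16, 0x03, 0x01, 0x00, 0xC8, 0x01])
PLAIN_SELECTOR = b"/phlog/index\r\n"
ODD_SELECTOR = b"\x16odd\r\n"       # the "unlikely" selector starting with 0x16

if __name__ == "__main__":
    for sample in (CLIENT_HELLO_START, PLAIN_SELECTOR, ODD_SELECTOR):
        print(sample[:6], "->", sniff_constructed(sample)[0])
```

A real listener would repeat the peek on `need-more` (with a timeout) before handing the socket to either the TLS wrapper or the plaintext handler.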

🍭 jmjl [OP] · Oct 11 at 17:34:

Is there some kind of standardized DNS record?

🦂 zzo38 · Oct 12 at 04:23:

I do not know of any kind of standardized DNS record for such a purpose. (Such a DNS record, if it is made, could be useful for purposes other than Gopher, too. It could be used to specify availability (and version, and possibly other details) of TLS with any protocol that supports it.)

🍭 jmjl [OP] · Oct 12 at 16:24:

Wouldn't that be checking the presence of a TLSA record?

Also, note that I've detected some clients will try to do TLS when you specify gophers:// and prompt you if you want to do it without TLS and fall back to non-TLS.

🦂 zzo38 · Oct 12 at 21:02:

I looked up TLSA record, and I believe that will work. (A browser could have an option, to use TLS for links between Gopher servers according to TLSA records.)

