rina's space
hiii! <3 _
april 16, 2025 @ 02:58 am | est. reading time: 3 - 4 mins | word count 689
running outdated tech is incredibly difficult
so you always hear those stories: some legacy site or obscure business gets hacked because they’re running tech from like, 2003? and you kinda roll your eyes, like, “why not just update your stuff, grandpa?” but then one day you’re that gal, trying to make something run on old tech, and suddenly you’re the one crying into your keyboard at 4am because nothing works and everything is cursed. as you know, i intentionally built my site with html4. yeah, on purpose. and as html is a markup language and not a true programming language, using the “outdated” one is no big deal, for the most part. i thought, “wouldn’t it be cool if it worked flawlessly on older systems?”. you know, as an ode to the old internet. the one i grew up with. and at first — it worked. on an old machine, it loaded like a dream. i was so smug, with some minor unicode errors. but the website was working.
until… i decided to make the site secure-ish. disabling http fallback (so that everything runs on https only) made sense for modern security. it’s like the bare minimum now. but surprise surprise: that totally broke compatibility with older browsers and systems. because older systems can’t understand modern security protocols or cryptographic algorithms. they either need older tls/ssl protocols, or even just choke on anything that doesn’t let them default to plain http.
so i thought, “okay, fine. let’s bring back ssl2 or tls 1.1 just for compatibility.” that should work. right? yeah, no. it was a bloody nightmare. i had all the right lines in my config, checked every box, and did my research on how it should be done. and? nothing. nada. turns out openssl and apache just straight-up refused to cooperate. they’re programmed in a way to ignore the parts of config saying to use those outdated protocols. which makes sense, in most cases; but if someone is trying to enable them, they likely have a valid reason for doing so. you should be able to just do it and have it be your own responsibility if something goes wrong. as i said, i get it: this software has evolved to keep you from shooting yourself in the foot. but i was actively trying to load the gun and it just wouldn’t let me. so much for “linux lets you do anything”.
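an added example (not from the original post, and not apache's or openssl's own code): a small python check that compares the protocols an `SSLProtocol` line asks for with the protocols the local openssl build was compiled with, which is one way to see why a config line appears to be ignored. it assumes python links the same openssl as the web server, and the directive parser is a simplified model of mod_ssl's +/- rules; the sample directive is constructed.

```python
import ssl

# Protocol names Apache's `SSLProtocol all` expands to (SSLv2 is not among them).
ALL = ("SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3")
CANON = {name.lower(): name for name in ALL + ("SSLv2",)}


def requested_protocols(directive):
    """Resolve an SSLProtocol line to the set of protocol names it asks for.

    Simplified model (an assumption, not mod_ssl's code): +name adds,
    -name removes, a bare name replaces everything set so far.
    """
    tokens = directive.split()
    if tokens and tokens[0].lower() == "sslprotocol":
        tokens = tokens[1:]
    enabled = set()
    for tok in tokens:
        sign = tok[0] if tok[0] in "+-" else ""
        name = tok[len(sign):]
        names = set(ALL) if name.lower() == "all" else {CANON.get(name.lower(), name)}
        if sign == "-":
            enabled -= names
        elif sign == "+":
            enabled |= names
        else:
            enabled = set(names)
    return enabled


def library_protocols():
    """Protocols compiled into the OpenSSL that this Python links against."""
    flags = {
        "SSLv2": ssl.HAS_SSLv2, "SSLv3": ssl.HAS_SSLv3, "TLSv1": ssl.HAS_TLSv1,
        "TLSv1.1": ssl.HAS_TLSv1_1, "TLSv1.2": ssl.HAS_TLSv1_2, "TLSv1.3": ssl.HAS_TLSv1_3,
    }
    return {name for name, present in flags.items() if present}


def audit(directive, available):
    """Split what the config asks for into what the library can and cannot do."""
    wanted = requested_protocols(directive)
    return {"usable": sorted(wanted & available), "ignored": sorted(wanted - available)}


if __name__ == "__main__":
    line = "SSLProtocol -all +SSLv2 +TLSv1.1 +TLSv1.2"  # constructed sample line
    print(ssl.OPENSSL_VERSION)
    print(audit(line, library_protocols()))
```

the `HAS_*` flags only reflect what was compiled in; a protocol listed as usable can still be refused at runtime by the library's security-level policy.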
so, the thing i want, can it even be done? yes, but it’s a huge pain in the ass which i'm not willing to do, i’m sorry.
so how can it be done? first, you find an ancient version of openssl, like 1.x.x or 2.x.x, because ever since version 3.x.x, apparently, the code supporting older protocols has been completely removed. and then, you’d also need to take a relatively modern, but still not fully up-to-date version of apache and compile it with specific flags to allow those older protocols to even be enabled in config files. and you could do that… if you hate yourself and want to introduce a hundred new security holes into your system. and end up as one of those websites you hear about in the news for getting hacked.
then came the dumb idea that briefly felt smart: “why not just isolate the cursed setup in docker?” y’know, build a container that runs the old stuff so it’s sandboxed away from the rest of your system. that way you get the compatibility and avoid messing up your machine. but then i remembered: docker isn’t magic. it’s not actually isolated in the hardcore way that makes running 2005 software safe in 2025. and also — i’m not stupid. or at least i try not to be.
running old tech is dangerous. that’s not even paranoia, that’s just facts. there are so many vulnerabilities that have been patched over the years by people way smarter than me. rolling back to outdated libraries is basically like saying, “i don’t want seatbelts or airbags in my car.” and honestly? i can’t be arsed trying to get it to work. so, this is the end of this blog on older systems, unless you use a backported browser.
got comments, thoughts or feedback about this post? email me at comments@riri.my •ᴗ•