> is it possible to provide
> some of the system packages with fresh frameworks, most important, SSL?
> I'd need that for Mail (even TenFourBird doesn't work) and a working
> browser...

So for SSL, what you want to do is set up a proxy server that can act as a "man 
in the middle" for your Mac's SSL traffic. This proxy will intercept the legacy 
SSL traffic coming from your Mac and translate it into modern HTTPS traffic 
before sending it to the server. Similarly, it will intercept the server's 
modern SSL traffic and translate it into legacy SSL traffic before sending it 
to your Mac. This will allow plain ol' Apple Mail to connect to modern 
providers (and fix an assortment of other random stuff).

There are a number of programs that can act as a MiTM proxy, but I personally 
use Squid. For legacy Intel Macs running e.g. Snow Leopard, I actually have an 
installer on https://jonathanalland.com/old-osx-projects.html that sets up 
everything automatically.

The only problem is that you're on PowerPC. I have never been able to get Squid 
working reliably on Mac PPC with the necessary features enabled. So, what you 
need to do instead is set up Squid on a secondary machine on your network, and 
use the IP address of that machine as your proxy server in System Preferences. 
This secondary machine could be an old PC or a Raspberry Pi.

There are a few too many variables for me to provide precise setup 
instructions, but you will want Squid's configuration file to look something 
like the below:

http_port 3128 ssl-bump generate-host-certificates=on cert=/path/to/squid.pem key=/path/to/squid-key.pem

tls_outgoing_options cafile=/path/to/cacert.pem
sslcrtd_program /path/to/security_file_certgen

acl local_addresses ssl::server_name_regex ^192\.[0-9]+\.[0-9]+\.[0-9]+$ ^10\.[0-9]+\.[0-9]+\.[0-9]+$ ^172\.(1[6-9]|2[0-9]|3[01])\.[0-9]+\.[0-9]+$
acl loopback_addresses ssl::server_name_regex ^127\.[0-9]+\.[0-9]+\.[0-9]+$ ^::1$
acl apple_domains ssl::server_name_regex ess\.apple\.com$ ^sw.*\.apple\.com$ ^iphone-services\.apple\.com$
acl excluded any-of local_addresses loopback_addresses apple_domains
ssl_bump splice excluded
ssl_bump bump all

acl fetched_certificate transaction_initiator certificate-fetching
cache allow fetched_certificate 
http_access allow fetched_certificate
sslproxy_cert_error deny all

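# local_addresses matches destination names, not clients; permit LAN clients by source address
acl lan_clients src 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16
http_access allow localhost
http_access deny to_localhost
http_access allow lan_clients
http_access allow local_addresses
http_access deny all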

You can obtain Mozilla's cacert.pem from https://curl.se/docs/caextract.html.

You can generate the squid.pem and squid-key.pem certificates with something 
like:

openssl req -x509 -newkey rsa:4096 -subj '/CN=Squid' -nodes -days 999999 \
    -keyout squid-key.pem -out squid.pem

Afterwards, you will also need to add squid.pem to Keychain Access on your Mac, 
and set its trust settings to "Always Trust" for "Secure Socket Layer (SSL)" 
traffic. This is what allows the proxy server to decrypt, translate, and 
re-encrypt your HTTPS traffic.

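Added example (not part of the original message or the author's installer): once the Mac trusts squid.pem, the proxy's upstream certificate check is the only validation left, so this sketch audits a squid.conf for edits that remove it or open the proxy. The names `directives`, `audit` and `WEAKENED_CONF` are made up for the example, and the sample config is constructed.

```python
import re

# Constructed sample: the config above after two typical "make it work" edits.
WEAKENED_CONF = """\
http_port 3128 ssl-bump generate-host-certificates=on cert=/path/to/squid.pem key=/path/to/squid-key.pem
tls_outgoing_options cafile=/path/to/cacert.pem flags=DONT_VERIFY_PEER
ssl_bump bump all
sslproxy_cert_error allow all
http_access allow all
"""

def directives(conf):
    """Yield (name, [args]) per directive; joins backslash continuations, drops comments."""
    joined = re.sub(r"\\\n", " ", conf)
    for line in joined.splitlines():
        parts = line.split("#", 1)[0].split()
        if parts:
            yield parts[0], parts[1:]

def audit(conf):
    """Return a list of findings; an empty list means every check below passed."""
    parsed = list(directives(conf))
    get = lambda name: [args for n, args in parsed if n == name]
    findings = []
    # The bumping port needs a signing certificate to mint per-host certificates.
    if not any("ssl-bump" in a and any(x.startswith(("cert=", "tls-cert=")) for x in a)
               for a in get("http_port")):
        findings.append("no ssl-bump http_port with a signing certificate")
    # Upstream validation: CA bundle named, verification not switched off.
    out = [x for a in get("tls_outgoing_options") for x in a]
    if not any(x.startswith(("cafile=", "capath=")) for x in out):
        findings.append("tls_outgoing_options names no cafile=/capath=")
    if any(x.startswith("flags=") and "DONT_VERIFY" in x for x in out):
        findings.append("upstream certificate verification disabled")
    if get("sslproxy_cert_error") != [["deny", "all"]]:
        findings.append("sslproxy_cert_error is not exactly 'deny all'")
    # Access control: never allow everyone, always end on an explicit deny.
    access = get("http_access")
    if ["allow", "all"] in access:
        findings.append("http_access allow all: open proxy")
    if not access or access[-1] != ["deny", "all"]:
        findings.append("last http_access rule is not 'deny all'")
    return findings

if __name__ == "__main__":
    for finding in audit(WEAKENED_CONF):
        print("FINDING:", finding)
```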