tls – Is there a protocol for signed but not encrypted HTTP


Your title says signed, but your text only says ‘not modified’, which is quite different.

SSL/TLS before 1.3 has some ‘with-NULL’ ciphersuites that provide NO confidentiality, only authentication and integrity; see e.g. RFC 5246 Appendix C and RFC 4492 Section 6, or just the registry. These do the usual handshake, authenticating the server identity using a certificate and optionally also the client identity, and deriving session/working keys which are used to HMAC the subsequent data (in both directions, not only from the server) but not to encrypt it. This prevents modification or replay, but allows anyone on the channel/network to read it.

These ciphersuites are very rarely used, and always (TTBOMK) disabled by default. (In OpenSSL, they not only aren’t included in DEFAULT, but aren’t even in the otherwise complete set ALL — to get them you must specify (an) explicit suite(s), the set eNULL aka NULL, or the set COMPLEMENTOFALL, which last grates horribly on any mathematician!) I very much doubt you’ll ever get any browser to use them, and probably not most apps or even many packaged servers. But if you control the apps at both ends of an HTTPS connection — or perhaps proxies for the apps — this does meet your apparent requirement.

TLS 1.3 changes how ciphersuites are used, and no longer has this functionality. As time goes on, 1.3 will become more widespread, and it is likely 1.2 and 1.1 will be dropped in the foreseeable future. (1.0 has already been dropped in many places, though not all. SSL3 is badly broken by POODLE, and dropped essentially everywhere.)
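As an added example (not code from the answer above, nor OpenSSL's own documentation), the following Python uses only the standard-library ssl module to check the cipher-string claims in the answer against whatever OpenSSL build the interpreter is linked with: which suites DEFAULT, ALL, eNULL and COMPLEMENTOFALL select, that set_ciphers() leaves the TLS 1.3 suites (all of them AEAD, i.e. encrypting) untouched, and how a context that can negotiate nothing but the with-NULL suites has to be built. Two details in integrity_only_context() are this example's additions rather than anything the answer states: TLS 1.2 is pinned as the only version, because a peer that supports 1.3 would otherwise negotiate an encrypting 1.3 suite, and the cipher string carries @SECLEVEL=0, because OpenSSL's default security level excludes suites offering fewer than 80 bits of strength at handshake time even though `openssl ciphers` and get_ciphers() still list them. The names CIPHER_SETS, classify, integrity_only_context and report are this example's own.

```python
"""Check which OpenSSL cipher-string sets pull in the with-NULL
(integrity-only) TLS suites, using only the standard-library ssl module.
Added example; it inspects the OpenSSL build Python is linked against."""
import ssl

# Cipher-string sets named in the answer. OpenSSL documents COMPLEMENTOFALL
# as "the cipher suites not enabled by ALL", which in practice is eNULL.
CIPHER_SETS = ("DEFAULT", "ALL", "eNULL", "COMPLEMENTOFALL")


def is_null_suite(name):
    """OpenSSL's names for with-NULL suites carry a literal NULL segment,
    e.g. NULL-SHA256 or ECDHE-RSA-NULL-SHA; no TLS 1.3 suite name does."""
    return "NULL" in name


def classify(cipher_string):
    """Apply an OpenSSL cipher string to a fresh context and bucket the suites
    it would offer. Returns None when this OpenSSL build rejects the string
    (for instance a build or system crypto policy with no NULL suites at all)."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    try:
        ctx.set_ciphers(cipher_string)
    except ssl.SSLError:
        return None
    buckets = {"tls13": [], "null": [], "encrypting": []}
    for suite in ctx.get_ciphers():
        if suite["protocol"] == "TLSv1.3":
            # set_ciphers() only governs TLS 1.2 and earlier; the TLS 1.3
            # suites stay enabled and every one of them encrypts (AEAD).
            buckets["tls13"].append(suite["name"])
        elif is_null_suite(suite["name"]):
            buckets["null"].append(suite["name"])
        else:
            buckets["encrypting"].append(suite["name"])
    return buckets


def integrity_only_context(purpose="client"):
    """Context that can negotiate nothing but with-NULL suites (assumed
    configuration, not from the answer): TLS 1.2 is pinned as the only
    version, since TLS 1.3 has no such suites and would otherwise be
    negotiated with encryption, and the security level is lowered to 0,
    because level 1 and above refuse suites below 80 bits of strength at
    handshake time even though they appear in the cipher list.
    Returns None if this build has no NULL suites."""
    proto = ssl.PROTOCOL_TLS_SERVER if purpose == "server" else ssl.PROTOCOL_TLS_CLIENT
    ctx = ssl.SSLContext(proto)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.maximum_version = ssl.TLSVersion.TLSv1_2
    try:
        ctx.set_ciphers("eNULL:@SECLEVEL=0")
    except ssl.SSLError:
        return None
    return ctx


def report():
    """Summarise each set as (NULL-suite count, encrypting-suite count),
    or None where the build rejects the set."""
    summary = {}
    for name in CIPHER_SETS:
        buckets = classify(name)
        summary[name] = None if buckets is None else (
            len(buckets["null"]), len(buckets["encrypting"]))
    return summary


if __name__ == "__main__":
    print("OpenSSL:", ssl.OPENSSL_VERSION)
    for name, counts in report().items():
        if counts is None:
            print(f"{name:16s} rejected by this build")
        else:
            print(f"{name:16s} {counts[0]:3d} NULL suites, {counts[1]:3d} encrypting suites")
    ctx = integrity_only_context()
    if ctx is not None:
        offered = [c["name"] for c in ctx.get_ciphers() if c["protocol"] != "TLSv1.3"]
        print("integrity-only context offers:", ", ".join(offered))
```

On a stock OpenSSL build the ALL and DEFAULT rows show zero NULL suites while eNULL and COMPLEMENTOFALL show nothing but NULL suites, which is the behaviour the answer describes. integrity_only_context() returns a context a client or server you control at both ends could use; it does not perform a handshake, so loading a certificate and actually connecting is left to the caller, and the traffic would still be readable on the wire exactly as the answer warns.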