Also, I noticed on the forums that someone else had the same idea as me: support HTTPS. Your current implementation of encryption is very weak and is susceptible to a man-in-the-middle attack. Supporting HTTPS would enable an organisation to purchase an SSL certificate for ~AU$30, which would provide “unbreakable” (notice the quotes) protection, much stronger than that offered by your implementation, whereby the client cannot authenticate whether it is really talking to the server or an attacker.
Logged In: YES
user_id=1642498
Originator: NO
I would also like https very much. My webspace-provider does not have OpenSSL and/or MCrypt installed so I cannot use these.
If you develop https please also allow for private certificates so I don't have to buy an official one.
Logged In: YES
user_id=1398100
Originator: YES
@uyuni
>If you develop https please also allow for private certificates so I don't
>have to buy an official one.
This defeats the point of using SSL; using "self-signed" certificates is as vulnerable to "man-in-the-middle" attacks as the current implementation of the encryption.
Logged In: YES
user_id=1642498
Originator: NO
Yes, you are right that self-signed certificates are not the best security.
But my webhosters (4 different ones) do not have OpenSSL and/or MCrypt so at the moment I have no encryption at all!
But I do have SSL (some accounts with self-signed, some not).
I would like to add my support for HTTPS connections.
HTTPS can be set up using stunnel at the client side, and at the server side if you use the Perl standalone version of the server.
If you use the PHP version of the server on an HTTPS-enabled server, you don't need stunnel on the server. But I needed to patch the Perl client to modify the Host header.
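A client-side stunnel setup of the kind described in the last comment, with certificate verification switched on so the client authenticates the server. This is an added example, not configuration posted in the thread; it assumes stunnel 5.x option names, and the host name, port and file paths are placeholders.

```ini
; Client-side stunnel configuration (stunnel 5.x option names).
; Constructed example: host name, ports and file paths are placeholders.
client = yes

[tunnel-https]
; The tunnel client speaks plain HTTP to this loopback-only listener.
accept = 127.0.0.1:8080

; stunnel wraps that traffic in TLS and forwards it to the HTTPS server.
connect = tunnel.example.org:443
sni = tunnel.example.org

; Case 1: CA-issued server certificate.
; Validate the chain against the trusted CA bundle and require the
; certificate to match the expected host name. Without these options
; stunnel encrypts but does not authenticate the server.
verifyChain = yes
CAfile = /etc/ssl/certs/ca-certificates.crt
checkHost = tunnel.example.org

; Case 2: self-signed server certificate.
; Replace the three lines of case 1 with the two below. verifyPeer
; accepts only the exact certificate stored in CAfile, so the file must
; be copied to the client over a trusted channel beforehand.
;verifyPeer = yes
;CAfile = /etc/stunnel/tunnel-server.pem

; The tunnel client now addresses 127.0.0.1:8080, so the Host header it
; sends names the loopback listener rather than tunnel.example.org,
; which is why the comment above mentions patching that header.
```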