AdRoll / hologram

Easy, painless AWS credentials on developer laptops.
Apache License 2.0

Insecure default connection to hologram server? #72

Open copumpkin opened 8 years ago

copumpkin commented 8 years ago

From here: https://github.com/AdRoll/hologram/blob/master/transport/remote/client.go#L37-L42

    tlsConf := &tls.Config{
        RootCAs: pool,
        // Hologram only uses TLS to ensure the credentials that go across the wire are kept secret, and since go uses
        // ECDHE by default, we actually don't care about leaking keys or authenticating either end of the connection.
        InsecureSkipVerify: true,
    }

Is that a reasonable assumption? Does it allow MITM-ing the hologram server connection?

copumpkin commented 8 years ago

Anyone?

BillMedernach commented 8 years ago

Good catch. I don't think it is a reasonable assumption. The reason being that if we aren't authenticating the connection, then we could be doing ECDHE with a MITM, which would mean a MITM could acquire the credentials that are sent.

copumpkin commented 8 years ago

That's what I thought. Here's what would make me happy: the server optionally listens with no SSL. I already run this thing behind an AWS ELB, and could just terminate SSL at the ELB and use a managed certificate on that side. The client should check certificates by default.
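To make the thread's point concrete, here is an added Go example (not code from hologram or from anyone in this thread). It generates two throwaway self-signed certificates in-process, a "genuine" one that the client puts in its RootCAs and an "impostor" one with the same name that it does not, and runs a loopback TLS handshake against each with two client configurations: the one quoted from client.go (InsecureSkipVerify: true) and a verifying one. The hostname hologram.example and the helper names are assumptions made for the example.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"net"
	"time"
)

// serverName is the hostname the client expects on the server certificate (constructed value).
const serverName = "hologram.example"

// selfSigned builds a throwaway self-signed certificate for serverName. The "genuine"
// server's copy goes into the client's RootCAs; the "impostor" gets an unrelated one.
func selfSigned() (tls.Certificate, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return tls.Certificate{}, err
	}
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(time.Now().UnixNano()),
		Subject:               pkix.Name{CommonName: serverName},
		DNSNames:              []string{serverName},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(time.Hour),
		KeyUsage:              x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign,
		ExtKeyUsage:           []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
		BasicConstraintsValid: true,
		IsCA:                  true,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return tls.Certificate{}, err
	}
	leaf, err := x509.ParseCertificate(der)
	if err != nil {
		return tls.Certificate{}, err
	}
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key, Leaf: leaf}, nil
}

// handshake runs one TLS handshake over loopback TCP between a server presenting
// serverCert and a client using clientConf, and returns the client's handshake
// error; nil means the client accepted the server.
func handshake(serverCert tls.Certificate, clientConf *tls.Config) error {
	ln, err := net.Listen("tcp", "127.0.0.1:0")
	if err != nil {
		return err
	}
	defer ln.Close()
	serverDone := make(chan struct{})
	go func() {
		defer close(serverDone)
		raw, err := ln.Accept()
		if err != nil {
			return
		}
		defer raw.Close()
		raw.SetDeadline(time.Now().Add(5 * time.Second))
		// The server side just completes or aborts the exchange; only the client's verdict matters here.
		tls.Server(raw, &tls.Config{Certificates: []tls.Certificate{serverCert}}).Handshake()
	}()
	raw, err := net.Dial("tcp", ln.Addr().String())
	if err != nil {
		return err
	}
	defer raw.Close()
	raw.SetDeadline(time.Now().Add(5 * time.Second))
	err = tls.Client(raw, clientConf).Handshake()
	<-serverDone
	return err
}

// Verdict records whether a client configuration accepted the genuine server and the impostor.
type Verdict struct {
	AcceptsGenuine  bool
	AcceptsImpostor bool
}

// compare tries the issue's client config (InsecureSkipVerify: true) and a verifying config
// against both servers.
func compare() (insecure, hardened Verdict, err error) {
	genuine, err := selfSigned()
	if err != nil {
		return
	}
	impostor, err := selfSigned()
	if err != nil {
		return
	}
	pool := x509.NewCertPool()
	pool.AddCert(genuine.Leaf)
	// As in the quoted client.go snippet: a pool is set, but verification is switched off.
	insecureConf := &tls.Config{RootCAs: pool, InsecureSkipVerify: true, ServerName: serverName}
	// Hardened: chain checked against the pool and name checked against ServerName.
	hardenedConf := &tls.Config{RootCAs: pool, ServerName: serverName, MinVersion: tls.VersionTLS12}
	insecure = Verdict{handshake(genuine, insecureConf) == nil, handshake(impostor, insecureConf) == nil}
	hardened = Verdict{handshake(genuine, hardenedConf) == nil, handshake(impostor, hardenedConf) == nil}
	return
}

func main() {
	insecure, hardened, err := compare()
	if err != nil {
		panic(err)
	}
	fmt.Printf("InsecureSkipVerify=true: genuine=%v impostor=%v\n", insecure.AcceptsGenuine, insecure.AcceptsImpostor)
	fmt.Printf("verifying client:        genuine=%v impostor=%v\n", hardened.AcceptsGenuine, hardened.AcceptsImpostor)
}
```

With InsecureSkipVerify set, the RootCAs pool in the quoted snippet is never consulted, so the client completes the handshake with whichever party answers, which is what makes the ECDHE argument moot. The verifying configuration is what the last comment asks for as the default: the pool plus ServerName are enough for the client to reject an unknown certificate, and a deployment that terminates TLS at an ELB with a managed certificate can simply rely on the system roots instead of a custom pool.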