Support HTTPS - Githubissues

JensRantil / yubikey-basic-auth-proxy

Reverse HTTP proxy server that requires Yubikey OTP authentication to allow proxying.

MIT License

11 stars 0 forks source link

Support HTTPS #4

Closed JensRantil closed 8 years ago

JensRantil commented 8 years ago

Essentially what needs to be done is:

[x] Add command line parameters for certificate and private key.
[x] If defined, use https://golang.org/pkg/net/http/#ListenAndServeTLS.

A non-requirement is to support custom TLS parameters. Golang has a good default (current stable, 1.5, is A+ on SSLLabs). For custom TLS properties, I think a different tool should be used in front of yubikey-basic-auth-proxy.

Workaround: Wrap an HTTPS proxy in front of this.

JensRantil commented 8 years ago

Question: Should the application enforce TLS? Maybe add an --insecure flag for non-TLS?