Open leto opened 7 years ago
Would not be bad to enable TLS between nodes also..
we could use wss:// instead of ws:// for tls, but need to add that into the backend perl
@madbuda yes, if we use https:// we must also use secure WebSockets (wss://) or mixed content errors will happen
@sennevb just to be clear, we are talking about a webmining web browser here, which connects to a website to get Stratum jobs. The web browser is not running a hush node, so this is not a p2p thing, this is a client-server thing
@leto should we move this to the webminer repo? FYI we also have https://github.com/orgs/MyHush/projects/2
@madbuda not sure, because right now hush.git is the place where all bounties are listed . The project board is cool! :+1:
Describe the issue
miner.myhush.org does not support SSL. To fully support SSL, we must support Secure WebSockets (WSS), which requires opening up new server ports, and new nginx configs and updating HTML/JS with relevant URL and code changes.
Additionally, the Perl code that is the dynamic part of the codebase needs to be made into a CPAN module, to be testable and trivially distributable via-known-trusted channels like package managers.
Additionally, we need to be able to payout to N addresses with arbitrary ratios, to enable many use cases.
Can you reliably reproduce the issue?
Yes
Bounty
250 Hush
Expected behavior
miner.myhush.org has modern TLS security deployed and is able to ask people to input a taddr and then send a certain percentage of that browser tab's mining to their custom address.
Additionally, it is a CPAN module which reads in a custom config file, and is trivially installable on every server Perl exists (just about every one).
Actual behaviour + errors
We use HTTP currently which can be re-written by evil network operators, and leaks metadata.
The version of Hush you were using:
All