Nakiami / mellivora

Mellivora is a CTF engine written in PHP
GNU General Public License v3.0

HTTPS not implemented in Challenges when CONFIG_SSL_COMPAT is True #92

Closed offsecginger closed 7 years ago

offsecginger commented 7 years ago

When utilizing mellivora for a CTF, instead of just having select pages with HTTPS, it makes sense to encrypt everyone's connection to the scoring server.

One big note would be when others are submitting flags, they can be intercepted and other teams can submit a flag they stole, rather than earned.

The solution I came up with is full HTTPS with TLSv2.0 support on the scoring server, by modifying the default-ssl.conf file in apache/sites-available/ and setting

Redirect permanent "/" "https://mellivora"

Attached is a potential version to include for HTTPS support. I noticed there is not a lot of documentation on Mellivora for how to set that up, so I am willing to write the guide if it is included in the source. default-ssl.conf.txt

nix-xin commented 7 years ago

That is a great idea. I hadn't thought about implementing SSL on my Mellivora site, but you bring up an excellent point. Thank you.

R/ Luciano

On May 22, 2017, at 7:25 AM, wayneaswilliams notifications@github.com wrote:


Nakiami commented 7 years ago

The SSL_COMPAT flag is just a nicety to redirect people to https pages at login, as well as configure cookies to only serve over SSL. If you want SSL on your server, it should be configured and forced in Apache, as you have done. The example config is not meant for production environments and serves as quickstart only.

Previous versions of the example Apache config had SSL redirects, but this was confusing for some people. See https://github.com/Nakiami/mellivora/blob/f47e3e0b05ee14e616222f7e6100464d649e2f0f/install/mellivora.apache.conf
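An Apache vhost pair that forces HTTPS the way this thread describes, added here as an illustration (it is not Mellivora's shipped install/mellivora.apache.conf, nor the attached default-ssl.conf). The hostname `mellivora`, the certificate paths and the DocumentRoot are assumed placeholders:

```apache
# Added example, not Mellivora's own install config. Hostname, certificate
# paths and DocumentRoot are placeholders; adjust them to your deployment.
# Requires mod_ssl and mod_headers to be enabled.

# Plain-HTTP vhost: serve nothing, send every request to the HTTPS site.
<VirtualHost *:80>
    ServerName mellivora
    # Permanent (301) redirect; the requested path is appended.
    Redirect permanent "/" "https://mellivora/"
</VirtualHost>

<VirtualHost *:443>
    ServerName mellivora
    # Assumed document root.
    DocumentRoot /var/www/mellivora/htdocs

    SSLEngine on
    # Placeholder certificate and key paths.
    SSLCertificateFile    /etc/ssl/certs/mellivora.crt
    SSLCertificateKeyFile /etc/ssl/private/mellivora.key
    # Refuse legacy protocol versions; TLS 1.3 needs Apache 2.4.37+ with
    # OpenSSL 1.1.1+, otherwise drop "+TLSv1.3".
    SSLProtocol -all +TLSv1.2 +TLSv1.3
    SSLHonorCipherOrder on

    # HSTS: once seen, the browser stops sending plaintext requests (and the
    # session cookie with them) to this host for a year.
    Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains"

    <Directory /var/www/mellivora/htdocs>
        Options -Indexes
        AllowOverride All
        Require all granted
    </Directory>
</VirtualHost>
```

Keep CONFIG_SSL_COMPAT enabled alongside this so the application also marks its cookies Secure, as the comment above describes; the redirect itself is done by Apache, not by Mellivora.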