bastien-roucaries
commented
3 years ago Note that in order to be safer using a proxy like stunnel instead of creating your own certicate and own crypto chain.
KISS please
Closed bastien-roucaries closed 3 years ago
bastien-roucaries
commented
3 years ago Note that in order to be safer using a proxy like stunnel instead of creating your own certicate and own crypto chain.
KISS please
bastien-roucaries
commented
3 years ago In fact we care about your package for securing old scanner.
adding a freedom box will secure old scanner printer
SimulPiscator
commented
3 years ago I was thinking about integrating OpenSSL support through a std::streambuf descendant. Would that violate KISS?
bastien-roucaries
commented
3 years ago I was thinking about integrating OpenSSL support through a std::streambuf descendant. Would that violate KISS?
It is usually harder to support all ssl option using the lib and do in a secure way, think about client certificate, perfect forward secret and so on. A lot of option to code.
stunnel over unix socket is KISS simple and audited. This is less security to audit on your side and it is better. KISS
bastien-roucaries
commented
3 years ago Note that nginx in transparent proxy accept unix socket KISS
SimulPiscator
commented
3 years ago OK, there is a unix socket option now.
Hi,
Does it work over https ?
It will be better to check if it work over https from a security point of view