Open hsiliev opened 8 years ago
We have created an issue in Pivotal Tracker to manage this:
https://www.pivotaltracker.com/story/show/129479897
The labels on this GitHub issue will be updated when the story is started.
Self-signed certs using mongoclient are now disabled with https://github.com/cloudfoundry-incubator/cf-abacus/commit/b6a1a3c2e547fcda51ef2437a42dbe64d1c557a1
Currently bosh couch and mongo DB clients allow http and https and self-signed certificates even if Abacus is secured.
We should only use https and disable self-signed certificates, hardening Abacus by default. This makes misconfiguration harder and reduces the attack surface.
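
One way to enforce the rule proposed above when a DB client is configured, as an added example that is not part of this issue or of the Abacus code base. The function name `checkDbUri`, its `tlsOpts` parameter and the sample hosts are assumptions; it handles single-host URIs only.

```javascript
'use strict';

// Added example, not Abacus code: checkDbUri and the sample URIs are hypothetical.
// Connection-string option names that switch off certificate or hostname checks.
const INSECURE_OPTS = ['tlsinsecure', 'tlsallowinvalidcertificates',
  'tlsallowinvalidhostnames'];

// Returns the reasons a DB client config must be refused; [] means acceptable.
// tlsOpts stands for the options object handed to the HTTPS/TLS client.
function checkDbUri(uri, tlsOpts = {}) {
  let u;
  try {
    u = new URL(uri);
  } catch (e) {
    return ['unparseable URI']; // fail closed
  }
  const problems = [];
  // Mongo option names are case-insensitive, so normalise before lookup.
  const q = new Map();
  for (const [k, v] of u.searchParams) q.set(k.toLowerCase(), v.toLowerCase());
  const tls = q.has('tls') ? q.get('tls') : q.get('ssl');

  if (u.protocol === 'http:') {
    problems.push('plain http transport');
  } else if (u.protocol === 'mongodb:') {
    // mongodb:// is plaintext unless tls/ssl is switched on explicitly.
    if (tls !== 'true') problems.push('mongodb without tls=true');
  } else if (u.protocol === 'mongodb+srv:') {
    // mongodb+srv:// enables TLS by default; only an explicit opt-out is bad.
    if (tls === 'false') problems.push('mongodb+srv with tls disabled');
  } else if (u.protocol !== 'https:') {
    problems.push('unsupported scheme ' + u.protocol);
  }
  for (const name of INSECURE_OPTS) {
    if (q.get(name) === 'true') problems.push('certificate checks disabled: ' + name);
  }
  // rejectUnauthorized: false is what lets a self-signed certificate through.
  if (tlsOpts.rejectUnauthorized === false) {
    problems.push('rejectUnauthorized is false');
  }
  return problems;
}
```

Calling this at startup and refusing to start on a non-empty result makes the hardened setting the default rather than something each deployment has to remember.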