eclipse-archived / ceylon-sdk

Standard platform modules belonging to the Ceylon SDK
http://www.ceylon-lang.org
Apache License 2.0

Support SSL sockets #200

Open FroMage opened 10 years ago

FroMage commented 10 years ago

We should add support for SSL sockets, in a way that does not leak to the users more than by specifying that SSL should be used.

FroMage commented 10 years ago

I have a Java prototype that abstracts SSL into the traditional select/async pattern we use, so I should be able to merge this in.

tombentley commented 10 years ago

What is our stance about self-signed certificates?

FroMage commented 10 years ago

Do we need to have a stance? I don't think we do.

tombentley commented 10 years ago

What I mean is: if I write a client which connects to some HTTPS site and that site has a self-signed certificate, by default is the connection considered OK, or does the connection fail?

FroMage commented 10 years ago

Not sure, I'll read up on it before I set the default. It's my understanding that nowadays people actually advise you to use self-signed certificates, in the light that SSL certificate signing authorities are compromised by governments so self-signed is actually more secure (for the certificate owner). So not clear at all.

tombentley commented 10 years ago

Well, the choice is between the devil and the deep blue sea. If we were to always trust self-signed certs then there's no detection/prevention of MITM. OTOH, (assuming this is all built on Java's security stuff), then to use a self-signed cert people would have to find out the cryptic commands used to add a cert to the JVM's trusted certs file. My personal experience is that this feels pretty cryptic and fiddly the first few times you do it, and it raises the bar for people adopting HTTPS.