Open FroMage opened 10 years ago
I have a Java prototype that abstracts SSL into the traditional select/async pattern we use, so I should be able to merge this in.
What is our stance about self-signed certificates?
Do we need to have a stance? I don't think we do.
What I mean is: if I write a client which connects to some https site and that site has a self-signed certificate, by default is the connection considered OK, or does the connection fail?
Not sure, I'll read up on it before I set the default. It's my understanding that nowadays people actually advise you to use self-signed certificates, in the light that SSL certificate signing authorities are compromised by governments so self-signed is actually more secure (for the certificate owner). So not clear at all.
Well, the choice is between the devil and the deep blue sea. If we were to always trust self-signed certs then there's no detection/prevention of MITM. OTOH (assuming this is all built on Java's security stuff), to use a self-signed cert people would have to find out the cryptic commands used to add a cert to the JVM's trusted certs file. My personal experience is that this feels pretty cryptic and fiddly the first few times you do it, and it raises the bar for people adopting HTTPS.
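A middle path between the two options in the comment above is to trust one specific self-signed certificate explicitly, in an in-memory trust store, instead of either accepting every self-signed cert or editing the JVM-wide cacerts file with keytool. The example below is added here and is not code from the project or from anyone in this thread; it uses only standard JDK APIs, and the PEM file path and URL passed on the command line are assumptions. Any certificate other than the pinned one, including one presented by a MITM, fails the default trust manager's chain validation, and hostname verification stays switched on.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.net.URL;
import java.security.KeyStore;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

/**
 * Builds an SSLContext that trusts exactly one certificate (the server's
 * own self-signed cert) rather than the JVM's global cacerts file.
 * Added example, not project code.
 */
public final class PinnedTrust {

    /** Reads a PEM or DER encoded certificate and returns a context trusting only it. */
    public static SSLContext contextTrusting(InputStream certStream) throws Exception {
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        X509Certificate cert = (X509Certificate) cf.generateCertificate(certStream);

        // Fresh, empty in-memory key store holding only the pinned certificate.
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        ks.load(null, null);
        ks.setCertificateEntry("pinned-server", cert);

        // The default (PKIX) trust manager validates the server chain against
        // this single trust anchor; anything else is rejected.
        TrustManagerFactory tmf =
            TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ks);

        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null);
        return ctx;
    }

    public static void main(String[] args) throws Exception {
        // args[0]: path to the server's certificate file (assumption)
        // args[1]: https URL of that server (assumption)
        try (InputStream in = new FileInputStream(args[0])) {
            SSLContext ctx = contextTrusting(in);
            HttpsURLConnection conn =
                (HttpsURLConnection) new URL(args[1]).openConnection();
            conn.setSSLSocketFactory(ctx.getSocketFactory());
            // No custom HostnameVerifier is installed, so the pinned cert
            // must also match the host name or the handshake is refused.
            System.out.println("HTTP " + conn.getResponseCode());
        }
    }
}
```

Run as `java PinnedTrust server.pem https://host.example/`. Pointing the same client at a host whose certificate is not the pinned one produces an `SSLHandshakeException` from the PKIX path builder, which is the MITM detection the comment above says is lost when self-signed certs are trusted unconditionally.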
We should add support for SSL sockets, in a way that does not leak to the users more than by specifying that SSL should be used.