Support cert pining in the http webserver

radareorg / radare2

UNIX-like reverse engineering framework and command-line toolset

https://www.radare.org/

GNU Lesser General Public License v3.0

20.81k stars 3.02k forks source link

Support cert pining in the http webserver #12626

Open radare opened 5 years ago

XVilka commented 5 years ago

I believe cert pining was killed by Google Chrome, so makes no sense to waste time on it, no? See https://raymii.org/s/blog/Chrome_68_is_deprecating_HPKP.html

radare commented 5 years ago

All decent mobile apps do that to avoid man in the middle attacks

On 5 Jan 2019, at 06:33, Anton Kochkov notifications@github.com wrote:

I believe cert pining was killed by Google Chrome, so makes no sense to waste time on it, no? See https://raymii.org/s/blog/Chrome_68_is_deprecating_HPKP.html

— You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub, or mute the thread.