search

simpleledger / Electron-Cash-SLP

Electron Cash for SLP Tokens
https://simpleledger.cash/project/electron-cash-slp-edition/
MIT License
64 stars 53 forks source link

Allow user to disable SSL for Electrum server #131

Open siraben opened 3 years ago

siraben commented 3 years ago

In the network settings, there's a toggleable option for whether to use SSL or not, but the helpbox says that we can only disable SSL when using a Tor proxy. Instead, the option to disable SSL should be given no matter what for testing purposes.

cculianu commented 3 years ago

TBH I agree with you here. I hate that it's locked. @imaginaryusername and others wanted me to keep it locked. I see Electron Cash as a power wallet for power users -- if you want an Apple-style completely locked down idiot-proof wallet, use something else.

So in that philosophy I 100% agree with you. Sooo.. @imaginaryusername and @jcramer @blockparty-sh .. what do you guys think about this? I think we should let the user do what he/she wants.

Or is non-SSL that dangerous?

imaginaryusername commented 3 years ago

Since there's a "backdoor" where you can enable Tor, disable Tor, then viola you can use non-SSL as you wish... yeah, might as well let people do it all the time.

cculianu commented 3 years ago

We could just make them agree to an agreement clicking "I agree" like Apple does and then feel content that we did our due diligence.

blockparty-sh commented 3 years ago

Agree. Instead of some popup isn't it sort of obvious what disabling encryption means?

cculianu commented 3 years ago

IDK .. to me it is. shrug Whatever people want. Popup, no popup. I'm ok with whatever. I'm deep in the rabbit hole so to me it's very clear but -- maybe @imaginaryusername is more "in tune" with the common everyman.

siraben commented 3 years ago

What sort of changes would it require? In a local copy I was able to disable the SSL checkbox but it didn't seem to have any effect.

imaginaryusername commented 3 years ago

I'd say as long as the default is "Use SSL", we don't need the popup or disclaimer - option is sufficiently buried and risk not immediate enough, people can be responsible for their own decisions.

cculianu commented 3 years ago

@siraben How did you disable the checkbox exactly? It's not enough to kill the GUI element -- one must also walk into mordor and change the config key...

siraben commented 3 years ago

@cculianu I set ssl_disable at https://github.com/simpleledger/Electron-Cash-SLP/blob/e8a928243cc33a7672c1c37b217762a6cbb2613a/gui/qt/network_dialog.py#L735 to False, obviously it didn't work.

We're going to go with using SSL for now, even though that complicates our setup more. In the future it would be nice to not use SSL.