Closed AndyW999 closed 2 years ago
vocoded
commented
2 years ago Hi @AndyW999 - unfortunately no, as we continue to improve our organizational security posture we cannot guarantee the insecure version will be available that long. I understand the concerns about TLS certs, is there no way you could arrange for this specific configuration to be field-upgradeable?
AndyW999
commented
2 years ago Thanks for the prompt response! The places these things are usually put, is it usually not possible. They will not allow external servers for upgrades as they may not longer be there in the future - like a lot of IOT stuff that is there one day and gone the next... Which cert do you actually use so I can configure my peer cert for testing?
vocoded
commented
2 years ago You can retrieve current certificate details using openssl, like:
openssl s_client -connect zellowork.io:443 -servername zellowork.io -state -debugThanks!
Andy.
We are currently working on putting the channel API interface on a embedded board.
From my testing I see that both secure - wss://zellowork.io - and non-secure - ws://zellowork.io - are both supported.
Due to the problems in getting a long term peer TLS certificate as the unit will need to operate for up to 10 years without updates will the non-secure method be allowed to continue to operate and used long term?
Thanks
Andy.