Join GitHub today
GitHub is home to over 20 million developers working together to host and review code, manage projects, and build software together.
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
Already on GitHub? Sign in to your account
Document that the RPC interface supports SSL, but its use is discouraged #1036
Comments
|
I just asked in #bitcoin-dev and @jonasschnelli pointed me to bitcoin/bitcoin#5677 which will remove SSL support. For details, see the comments starting here: bitcoin/bitcoin#5677 (comment) If you want to add a quick note to the docs about SSL support, I'd be fine with that, but I'd suggest against spending any time on it that could be better used elsewhere. |
harding
added
the
Dev Docs
label
Aug 29, 2015
|
Oh, if you want to mention that using ssh or some other sort of tunneling if the best way to remotely access the RPC, that would be good all on its own. |
|
I'm glad to hear that support for SSL will be dropped. In light of that, like you say there's no sense documenting it. Thanks for investigating. |
carnesen commentedAug 29, 2015
As I understand it, the RPC interface supports SSL, but its use is discouraged. We should add a few words to the developer documentation saying as much, something along the lines of this answer on StackExchange:
"The RPC interface isn't designed to be used in any scenario which would require SSL, which would be access over the internet or other untrusted networks. It doesn't have the necessary denial of service protections or review to make it safe for use this way, and so letting potentially malicious clients connect to it would be incredibly unwise. If you need to talk to a remote bitcoind instance you are better off tunneling with SSH or stunnel which will provide a secure, authenticated path without exposing the socket any further than localhost."