New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Unsecured Connection Window Prompt #684

Closed
RobertAlan opened this Issue Jun 11, 2018 · 7 comments

Comments

Projects
None yet
5 participants
@RobertAlan
Copy link

RobertAlan commented Jun 11, 2018

Issue Checklist

Before creating a new issue make sure that you

Basic Info

I'm using macOS in version: 10.13.5 (17F77)

I'm running Cryptomator in version: 10.13.5 (17F77)

Description

Hey Guys. I've been using Cryptomator for quite a while now and am a HUGE fan. Recently (over the past week but not every time), when trying to log into a Vault on Dropbox, I'm getting the following error prompt. Is this safe?

Unsecured Connection

Do you want to send your name and password in a way that is insecure?

The baseURL provided uses an unsecured method for network communication. To use a secure connection, you muse use a server that supports SSL

Attachments (optional)

Screenshot of error window
unsecured-connection

Cryptomator Log File
cryptomator.log

@meyer-roessl

This comment has been minimized.

Copy link

meyer-roessl commented Jun 17, 2018

Same here (although my Cryptomator version is 1.3.2 - it seems to be a typo in the description from RobertAlan).
The issue appeared after upgrading to the latest MacOs version (https://support.apple.com/en-us/HT208849). I suspect one of the security fixes (CVE-2018-4223 to CVE-2018-4226) to cause this issue.

@overheadhunter

This comment has been minimized.

Copy link
Member

overheadhunter commented Jun 17, 2018

Since we're talking about a loopback connection, it is impossible to request a valid SSL certificate for localhost. Thus it is fine to allow unsecured connections.

Nevertheless we want to change this: Can you try out Cryptomator 1.4.0-beta1 with FUSE enabled?

⚠️ This is a beta version! Make backups and don't use this version for production data. ⚠️

@meyer-roessl

This comment has been minimized.

Copy link

meyer-roessl commented Jun 17, 2018

Yes, it works with 1.4.0-beta1 for me. Strangely, after running 1.4.0-beta1, I tested again 1.3.2 and had this time no issues. Just fyi.

@overheadhunter overheadhunter added this to the 1.4.0 milestone Jun 17, 2018

@no-response no-response bot closed this Jul 1, 2018

@no-response

This comment has been minimized.

Copy link

no-response bot commented Jul 1, 2018

This issue has been automatically closed because there has been no response to our request for more information from the original author. With only the information that is currently in the issue, we don't have enough information to take action. Please reach out if you have or find the answers we need so that we can investigate further.

@PopTudor

This comment has been minimized.

Copy link

PopTudor commented Jul 30, 2018

Hey I also had this issue. To fix it, remove the vault from Cryptomator and then open it again with "Open existing vault"

@yshollander-selerity

This comment has been minimized.

Copy link

yshollander-selerity commented Nov 28, 2018

Hi, all,

We're seeing this issue on 1.4.0 as well. The vault was on Google Drive, in our case.

@overheadhunter

This comment has been minimized.

Copy link
Member

overheadhunter commented Nov 29, 2018

Anyone getting this issue: As mentioned before it is impossible to get a valid SSL certificate for localhost. Since 1.4.0 you can enable FUSE-based mounts instead of WebDAV. With FUSE this is no longer relevant.

@cryptomator cryptomator locked as resolved and limited conversation to collaborators Nov 29, 2018

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.