Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

HTTPS web server #76

Open
opk12 opened this issue May 11, 2023 · 1 comment
Open

HTTPS web server #76

opk12 opened this issue May 11, 2023 · 1 comment

Comments

@opk12
Copy link

opk12 commented May 11, 2023

Thank you for this wonderful app. I have just found it on F-droid. What about an option for "HTTPS-only mode" with a self-signed certificate, to hide the file and the handshake (User-Agent) to passive listeners?

It is ineffective against active or targeted attacks, which I assume not to be an issue anyway, for a user of this very simple app. So I'd not care to check the fingerprint. But the encryption still rules out a class of attacks.
@marcosdiez
Copy link
Owner

Honestly, I don't plan to implement that.

This app is 99.99% of the time used within the internal network.
And HTTPS would prevent man in the middle, not leakage of data. I am not concern about MITM attack in my LAN.

But the cert would not be signed and it would probably not match the IP address. So the browser would issue a huge amount of warnings.

I don't see a problem being solved here. Sorry.
That being said, please feel free to send a pull request.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@marcosdiez @opk12