This repository has been archived by the owner on Nov 18, 2022. It is now read-only.
TLS/SSL certificate verification #339
Comments
hugbug
added a commit
that referenced
this issue
Feb 17, 2017
hugbug
added a commit
that referenced
this issue
Feb 17, 2017
hugbug
added a commit
that referenced
this issue
Feb 17, 2017
hugbug
added a commit
that referenced
this issue
Feb 17, 2017
hugbug
added a commit
that referenced
this issue
Feb 18, 2017
hugbug
added a commit
that referenced
this issue
Feb 18, 2017
hugbug
added a commit
that referenced
this issue
Feb 19, 2017
hugbug
added a commit
that referenced
this issue
Feb 19, 2017
hugbug
added a commit
that referenced
this issue
Feb 20, 2017
hugbug
added a commit
to nzbget/nzbget.github.io
that referenced
this issue
Jul 2, 2017
hugbug
added a commit
that referenced
this issue
Oct 9, 2017
hugbug
added a commit
that referenced
this issue
Oct 9, 2017
hugbug
added a commit
that referenced
this issue
Oct 9, 2017
hugbug
added a commit
that referenced
this issue
Oct 9, 2017
hugbug
added a commit
that referenced
this issue
Oct 9, 2017
hugbug
added a commit
that referenced
this issue
Oct 9, 2017
hugbug
added a commit
that referenced
this issue
Oct 9, 2017
hugbug
added a commit
that referenced
this issue
Oct 9, 2017
hugbug
added a commit
that referenced
this issue
Oct 9, 2017
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
NZBGet supports TLS/SSL for communication with news and web servers. Connections are encrypted but the implementation lacks an important step - server certificate verification. As a result the security is reduced, in particular undetectable Man-in-the-Middle attacks (MitM) are possible.
Further details can be found in discussion #332.
To improve security NZBGet should implement server certificate verification, including hostname validation.
NZBGet can be compiled with either OpenSSL or GnuTLS. Since these two libraries have different API the certificate verification in NZBGet requires two implementations.
Tasks:
The text was updated successfully, but these errors were encountered: