TLS state-of-the-art in pump.io. We need to progress! #1061
I open this issue with the aim of evolving the state of the art in pump.io security.
By default, pump.io in its standalone mode has a wrong and terrible TLS configuration that doesn't follow the latest good practices. The security and privacy of the users is primordial for me, and for that reason I wrote this patch, which aims to help with that.
The patch implements the following:
And here is a small list of things that would be nice to have in the TODO list.
Please evan, be aware of the patch and help us to protect our users.
PS: Edited to fix typos.
Yes, the patch has been enabled since yesterday on mipump.es.
Here are a few samples:
no peer certificate available
New, (NONE), Cipher is (NONE)
luisgf@NCC1701B:~$ openssl s_client -connect mipump.es:443 -tls1 -CAfile /etc/ssl/certs/ca-certificates.crt
No client certificate CA names sent
SSL session resume example:
luisgf@NCC1701B:~$ openssl s_client -reconnect -connect mipump.es:443 -tls1 -CAfile /etc/ssl/certs/ca-certificates.crt | egrep "^(New|Reused)"
luisgf@NCC1701B:~$ openssl s_client -reconnect -connect mipump.es:443 -tls1 -CAfile /etc/ssl/certs/ca-certificates.crt -no_ticket | egrep "^(New|Reused)"
New, TLSv1/SSLv3, Cipher is AES256-SHA