enable SSL on web.rustdesk.com #856
Comments
It is not that we do not want to. Actually it requires a lot of effort for us, because if we change to https, we also need to change ws (websocket) to wss. To support global users, we have 3 rendezvous servers and 8 relay servers (though all are very cheap ones) across the world. It means we need to add SSL to all of these servers, and assign DNS names to the relay servers (currently we use IPs directly for convenience). web.rustdesk.com is still in a beta or experimental stage. I think websocket with wasm is not a good solution because of its poor performance; we may change to a WebRTC solution in the future. And our connection (websocket) is encrypted in the same way as the desktop / mobile connection. The above may be excuses from your perspective. Looking forward to your understanding.
SSL and WSS are standards for a reason.
WSS may very well be somewhat slower. But SSL certs and DNS records for 11 hosts would take any junior administrator about an hour to implement with the right preparation.
I agree with simeononsecurity on this issue. SSL can be a bit of a pain to set up initially, but it is a big standard with plenty of documentation. Additionally, the improvements to security are enormous compared to the effort needed. Security needs to be a priority on any remote access service, especially on amazing services that are growing as fast as RustDesk.
It is not only a security problem. The GFW of China often inspects and drops some http or ws packets so that requests time out, which makes it inconvenient for foreign users to interact with Chinese users. Https and wss have a lower probability of being inspected and higher reliability.
@rustdesk The SSL cert on https://web.rustdesk.com only contains a SAN for: altnames='DNS:rustdesk.com'. This will be causing you LOTS of issues with SSL for any host other than the naked domain name (likely causing issues for the WSS connections as well). There needs to be a second SAN in the certificate, DNS:*.rustdesk.com, for it to work correctly, so that all subdomains are covered. This will allow wss:// to work properly as well, since without verifying the SAN against the hostname most modern browsers will deny the connection. This is easily achieved and fully supported in Let's Encrypt.
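The hostname-matching rule behind the comment above, as an added example that is not part of the original thread or RustDesk's code. It is a simplified form of the left-most-label wildcard rule browsers apply; `relay1.rustdesk.com` is a constructed name, and the other hosts are taken from the thread.

```python
import ipaddress


def _is_ip(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def san_matches(pattern, hostname):
    """Return True if one DNS SAN entry covers hostname."""
    if _is_ip(hostname):
        return False  # a DNS SAN never matches an IP literal; that needs an IP SAN
    p = pattern.rstrip(".").lower().split(".")
    h = hostname.rstrip(".").lower().split(".")
    if len(p) != len(h):
        return False  # "*" stands for exactly one label, never zero or several
    if p[0] == "*":
        # Wildcard is honoured only as the whole left-most label,
        # with at least two literal labels after it.
        return len(p) >= 3 and p[1:] == h[1:]
    return p == h


def uncovered_hosts(san_entries, hostnames):
    """List the hostnames that no DNS SAN entry in the certificate covers."""
    dns = [e.split(":", 1)[1] for e in san_entries if e.startswith("DNS:")]
    return [h for h in hostnames if not any(san_matches(p, h) for p in dns)]


# Hosts to check: three names plus the bare IP mentioned in the thread.
# relay1.rustdesk.com is constructed for illustration.
HOSTS = ["rustdesk.com", "web.rustdesk.com", "relay1.rustdesk.com", "45.76.181.120"]

if __name__ == "__main__":
    for sans in (["DNS:rustdesk.com"], ["DNS:rustdesk.com", "DNS:*.rustdesk.com"]):
        print(sans, "->", uncovered_hosts(sans, HOSTS))
```

Note that `*.rustdesk.com` alone does not cover the naked domain or a deeper name such as `a.web.rustdesk.com`, and a server reached by IP stays uncovered until it has a DNS name or an IP SAN.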
wontfix since it is beta, let's do it in the next version.
Updated to http://45.76.181.120:8080/#/ because we enabled HSTS; http://web.rustdesk.com is not available any more.
Can you make web.rustdesk.com accessible using https?