My original public ElectrumX server (now private) had a self-signed certificate that I recently changed over to a CA certificate (LetsEncrypt) in the consideration of a possible move back to a public server. Now any client that had previously connected to it can no longer connect as the client has a copy of the self-signed certificate in its cache.
My particular case is not a huge issue but I'm thinking that there are millions of users locked out of many legitimate servers as their CA certificates routinely expire and are updated with new ones - likely forever as I understand it now. This reduces the pool of legitimate servers a client can reach and therefore increases the risk of connecting to a malicious server.
Is there any way to have Electrum prefer a validated (CA) certificate over its locally stored cache if the cached cert is self-signed or outdated and then update the cache with the current valid CA certificate? How does any Electrum client continue to reach a server after its CA certificate expires and it is updated? LetsEncrypt certs expire every 90 days. My feeling is that anything that increases access to legitimate servers (which a sybil almost certainly would not have a CA cert attached) will be a win for users.
I haven't delved deep into the certificate handling code of Electrum. If it is not something that can be altered easily, would a PR for this be considered?
Uggh, so no easy answer. Choices seem to be a) use a self-signed cert available to anyone (including rogues) or b) use a real cert and lock everybody out when it expires.
Thanks for the feedback before I put any more time into "fixing" it.
> use a real cert and lock everybody out when it expires.
Please read my links. If you use CA signed certs, expiry does not really matter. CA signed certs do not get pinned, only the fact that the server is using CA signed certs (boolean).
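A simplified model of the pinning behaviour described in this thread, as an added example that is not Electrum's code and not part of the original comments. `PinStore`, `Presented`, the result strings and the host names are hypothetical, the certificate bytes are constructed sample data, and `ca_valid` stands in for the outcome of ordinary chain and hostname validation.

```python
import hashlib
from dataclasses import dataclass
from typing import Dict

CA_SIGNED = "ca-signed"  # marker stored instead of a certificate (the "boolean")


@dataclass(frozen=True)
class Presented:
    der: bytes      # certificate bytes sent by the server (constructed samples here)
    ca_valid: bool  # assumed result of CA chain + hostname validation


def fingerprint(der: bytes) -> str:
    return hashlib.sha256(der).hexdigest()


class PinStore:
    """Trust-on-first-use cache: pin self-signed certs, only flag CA-signed ones."""

    def __init__(self) -> None:
        self._pins: Dict[str, str] = {}

    def connect(self, host: str, cert: Presented) -> str:
        pin = self._pins.get(host)
        if pin is None:
            # First contact: remember either "uses a CA" or the exact certificate.
            self._pins[host] = CA_SIGNED if cert.ca_valid else fingerprint(cert.der)
            return "accept-first-use"
        if pin == CA_SIGNED:
            # Renewals pass because no particular certificate was stored.
            return "accept" if cert.ca_valid else "reject-not-ca-valid"
        # Self-signed pin: only the identical certificate is accepted, so a
        # later switch to a CA certificate is refused (the case reported above).
        return "accept" if fingerprint(cert.der) == pin else "reject-pin-mismatch"


def demo() -> Dict[str, str]:
    store = PinStore()
    le_old = Presented(b"constructed CA cert, first 90 days", True)
    le_new = Presented(b"constructed CA cert, after renewal", True)
    self_signed = Presented(b"constructed self-signed cert", False)
    store.connect("ca.example", le_old)
    store.connect("selfsigned.example", self_signed)
    return {
        "ca_renewal": store.connect("ca.example", le_new),
        "ca_downgrade": store.connect("ca.example", self_signed),
        "self_signed_same": store.connect("selfsigned.example", self_signed),
        "self_signed_to_ca": store.connect("selfsigned.example", le_new),
    }
```
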