Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Insecure default connection to hologram server? #72

Open
copumpkin opened this issue Feb 16, 2016 · 3 comments
Open

Insecure default connection to hologram server? #72

copumpkin opened this issue Feb 16, 2016 · 3 comments

Comments

@copumpkin
Copy link
Contributor

From here: https://github.com/AdRoll/hologram/blob/master/transport/remote/client.go#L37-L42

    tlsConf := &tls.Config{
        RootCAs: pool,
        // Hologram only uses TLS to ensure the credentials that go across the wire are kept secret, and since go uses
        // ECDHE by default, we actually don't care about leaking keys or authenticating either end of the connection.
        InsecureSkipVerify: true,
    }

Is that a reasonable assumption? Does it allow MITM-ing the hologram server connection?

@copumpkin
Copy link
Contributor Author

Anyone?

@BillMedernach
Copy link
Contributor

Good catch. I don't think is a reasonable assumption. The reason being that if we aren't authenticating the connection, then we could be doing ECDHE with a MITM which would mean a MITM could acquire the credentials that are sent.

@copumpkin
Copy link
Contributor Author

That's what I thought. Here's what would make me happy: the server optionally listens with no SSL. I already run this thing behind an AWS ELB, and could just terminate SSL at the ELB and use a managed certificate on that side. The client should check certificates by default.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

2 participants