
Insecure default connection to hologram server?

Open copumpkin opened this issue 9 years ago • 3 comments

From here: https://github.com/AdRoll/hologram/blob/master/transport/remote/client.go#L37-L42

    tlsConf := &tls.Config{
        RootCAs: pool,
        // Hologram only uses TLS to ensure the credentials that go across the wire are kept secret, and since go uses
        // ECDHE by default, we actually don't care about leaking keys or authenticating either end of the connection.
        InsecureSkipVerify: true,
    }

Is that a reasonable assumption? Does it allow MITM-ing the hologram server connection?

copumpkin avatar Feb 16 '16 20:02 copumpkin

Anyone?

copumpkin avatar Mar 11 '16 14:03 copumpkin

Good catch. I don't think it is a reasonable assumption. The reason being that if we aren't authenticating the connection, then we could be doing ECDHE with a MITM, which would mean a MITM could acquire the credentials that are sent.

BillMedernach avatar Mar 11 '16 20:03 BillMedernach

That's what I thought. Here's what would make me happy: the server optionally listens with no SSL. I already run this thing behind an AWS ELB, and could just terminate SSL at the ELB and use a managed certificate on that side. The client should check certificates by default.

copumpkin avatar Mar 11 '16 20:03 copumpkin
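The behaviour discussed in this thread, as an added example that is not part of hologram or of this issue: a Go program that starts a local TLS server and shows that the client config quoted above (`InsecureSkipVerify: true`) completes a handshake whether or not the server's certificate is in `RootCAs`, while the same config with verification enabled only succeeds when the certificate is trusted. The names `clientConfig`, `handshakeOK`, `Result` and `Demo` are my own, and the server uses `net/http/httptest`'s built-in self-signed test certificate rather than anything from the project.

```go
package main

import (
	"crypto/tls"
	"crypto/x509"
	"fmt"
	"net/http"
	"net/http/httptest"
)

// clientConfig mirrors the client.go snippet from the issue: skipVerify=true is the setting
// under discussion; skipVerify=false makes Go verify the server's chain against pool.
func clientConfig(pool *x509.CertPool, skipVerify bool) *tls.Config {
	return &tls.Config{RootCAs: pool, InsecureSkipVerify: skipVerify}
}

// handshakeOK performs one HTTPS request with conf and reports whether it succeeded,
// i.e. whether the client completed a TLS handshake with whatever answered at url.
func handshakeOK(url string, conf *tls.Config) bool {
	tr := &http.Transport{TLSClientConfig: conf, DisableKeepAlives: true}
	resp, err := (&http.Client{Transport: tr}).Get(url)
	if err == nil {
		resp.Body.Close()
	}
	return err == nil
}

// Result records how each client setting treats a server whose certificate the client
// either has (trusted pool) or has not (empty pool) been told to trust.
type Result struct {
	InsecureUntrusted, InsecureTrusted, VerifyUntrusted, VerifyTrusted bool
}

// Demo starts a local TLS server using httptest's built-in self-signed certificate and
// probes it with the four combinations of RootCAs pool and InsecureSkipVerify.
func Demo() Result {
	srv := httptest.NewTLSServer(http.HandlerFunc(func(http.ResponseWriter, *http.Request) {}))
	defer srv.Close()
	untrusted := x509.NewCertPool() // client knows no CA: the peer could be anyone
	trusted := x509.NewCertPool()
	trusted.AddCert(srv.Certificate()) // client pins the genuine server certificate
	return Result{
		InsecureUntrusted: handshakeOK(srv.URL, clientConfig(untrusted, true)),
		InsecureTrusted:   handshakeOK(srv.URL, clientConfig(trusted, true)),
		VerifyUntrusted:   handshakeOK(srv.URL, clientConfig(untrusted, false)),
		VerifyTrusted:     handshakeOK(srv.URL, clientConfig(trusted, false)),
	}
}

func main() { fmt.Printf("%+v\n", Demo()) }
```

With `InsecureSkipVerify: true` both the untrusted and trusted pools yield a successful handshake, which is exactly why `RootCAs` gives no protection in the quoted config; only the verifying client distinguishes the genuine certificate from an unknown one.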