AdGuardHome icon indicating copy to clipboard operation
AdGuardHome copied to clipboard
verified publisher icon AdguardTeam

SSL Pinning function

Open ammnt opened this issue 3 years ago • 2 comments

Prerequisites

  • [X] I have checked the Wiki and Discussions and found no answer

  • [X] I have searched other issues and found no duplicates

  • [X] I want to request a feature or enhancement and not ask a question

Description

Hello,

please add SSL pinning. Now I use NGINX as reverse proxy to solve this problem🙏🏼

Thank you. Best regards😙

ammnt avatar Aug 03 '22 17:08 ammnt

IMHO nginx is best place for ssl pining.

centralhardware avatar Aug 08 '22 03:08 centralhardware

I agree. I think that there should either be 2 SSL certificates - one for GUI and one for domain resolution via DoH/DoT or an option to disable domain resolution via DoH/DoT, but preserve SSL encryption exclusively for GUI login. Routers use separate certificates for separate functions (server, bridge, guest captive portal, etc). It is actually less confusing and more secure that way.

I also think that for GUI login AGH team should create a key store that generates random self-signed SSL certificates during AGH setup.

SSJPKXL avatar Aug 08 '22 14:08 SSJPKXL