intercert
Require encrypted gRPC communication
Currently, insecure communication (no TLS) is used between the client and the server. This is bad for a security-related application :trollface:
A suggested fix would be to:
- Extend server configuration to include properties for supplying a certificate + private key. The client configuration should include configuration for specifying a public key.
- Bundle a hardcoded/generated TLS cert for use without explicitly configuring custom TLS certs. When used in this mode, a very prominent warning should be logged both on the server and in the client, to encourage users to supply their own certs.
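
A sketch of the server side of the suggested fix, added here as an example and not taken from the intercert code base. It assumes a Go server; `TLSSettings`, `ServerTLSConfig` and `selfSigned` are hypothetical names, and it takes the generated-certificate variant of the fallback so that no private key ships with the binary.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"log"
	"math/big"
	"time"
)

// TLSSettings is a hypothetical server config section (field names are assumptions).
type TLSSettings struct{ CertFile, KeyFile string }

// ServerTLSConfig returns a config usable with grpc-go's credentials.NewTLS; the bool reports fallback mode.
func ServerTLSConfig(s TLSSettings) (*tls.Config, bool, error) {
	fallback := s.CertFile == "" && s.KeyFile == ""
	load := func() (tls.Certificate, error) { return tls.LoadX509KeyPair(s.CertFile, s.KeyFile) }
	if fallback { // nothing configured: generated cert plus a prominent warning
		log.Println("WARNING: no TLS cert configured; using a generated self-signed cert. Supply your own!")
		load = selfSigned
	}
	cert, err := load() // a half-configured pair (only cert or only key) fails here
	if err != nil {
		return nil, fallback, err
	}
	return &tls.Config{Certificates: []tls.Certificate{cert}, MinVersion: tls.VersionTLS12}, fallback, nil
}

// selfSigned creates a short-lived in-memory certificate for "localhost" (constructed values).
func selfSigned() (tls.Certificate, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return tls.Certificate{}, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(time.Now().UnixNano()), DNSNames: []string{"localhost"},
		NotBefore: time.Now().Add(-time.Minute), NotAfter: time.Now().Add(24 * time.Hour),
		KeyUsage: x509.KeyUsageDigitalSignature, ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key}, err
}

func main() {
	_, fb, err := ServerTLSConfig(TLSSettings{})
	log.Printf("fallback=%v err=%v", fb, err)
}
```

Supplying only one of the two paths is treated as a configuration error rather than silently dropping to the fallback certificate.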