nmcontrol icon indicating copy to clipboard operation
nmcontrol copied to clipboard
verified publisher icon namecoin

REST TLS code uses bad TLS settings

Open JeremyRand opened this issue 10 years ago • 0 comments

As discussed in https://github.com/namecoin/nmcontrol/pull/49 , the REST TLS code (not yet merged, but probably will be merged soon) supports old SSL/TLS versions and weak and non-forward-secret ciphersuites. I have some untested code that should mostly fix this (and also includes a test script using SSLLabs):

https://github.com/JeremyRand/nmcontrol/commit/7226650438a1470aea583e48656f64972867c4c6

However, it needs Python 2.7.9 or Python 3.4. So, we should revisit this once we support Python 3, or once 2.7.9 is supported in more systems (Fedora 21 is using 2.7.8 as of this writing). In the meantime, we should make it absolutely clear to end users that they should NOT be using HTTPS with REST.

--- Want to back this issue? **[Post a bounty on it!](https://www.bountysource.com/issues/8186941-rest-tls-code-uses-bad-tls-settings?utm_campaign=plugin&utm_content=tracker%2F435873&utm_medium=issues&utm_source=github)** We accept bounties via [Bountysource](https://www.bountysource.com/?utm_campaign=plugin&utm_content=tracker%2F435873&utm_medium=issues&utm_source=github).

JeremyRand avatar Jan 31 '15 20:01 JeremyRand