xpra icon
Bug tracker and wiki

This bug tracker and wiki are being discontinued
please use https://github.com/Xpra-org/xpra instead.


Changes between Version 7 and Version 8 of Encryption


Ignore:
Timestamp:
08/09/16 04:10:01 (5 years ago)
Author:
Antoine Martin
Comment:

--

Legend:

Unmodified
Added
Removed
Modified
  • Encryption

    v7 v8  
    8282[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:590)
    8383}}}
    84 temporarily add {{{--ssl-server-verify-mode=none}}} to your client command line.
     84'''temporarily''' add {{{--ssl-server-verify-mode=none}}} to your client command line.
    8585}}}
     86
     87
     88{{{
     89== Securing with self signed certificates ==
     90
     91See [https://www.cs.utexas.edu/~shmat/shmat_ccs12.pdf The Most Dangerous Code in the World: Validating SSL Certificates in Non-Browser Software] and [https://blog.sucuri.net/2016/03/beware-unverified-tls-certificates-php-python.html Beware of Unverified TLS Certificates in PHP & Python].
     92See also: [https://lwn.net/Articles/666353/ Fallout from the Python certificate verification change].
     93
     94Since the server certificate will not be signed by any recognized certificate authorities, you will need to send the ca_cert file to the client via some other means... This will no be handled by xpra, it simply cannot be. (same as the AES key, at which point... you might as well use AES)
     95
     96See [https://carlo-hamalainen.net/blog/2013/1/24/python-ssl-socket-echo-test-with-self-signed-certificate Python SSL socket echo test with self-signed certificate] for generating this x509 keystore. (''server.crt'' in this example).
     97}}}