cve_server icon indicating copy to clipboard operation
cve_server copied to clipboard
verified publisher icon SpiderLabs

Consider making cve_server serve HTTPS by default

Open claudijd opened this issue 9 years ago • 1 comments

Creating this because I noticed all the default URLs are HTTP, which could be MiTM'd.

Maybe cve_server could be adapted to support LetsEncrypt using something like this:

https://github.com/unixcharles/acme-client

By default maybe it could serve a self-signed certificate as a fall-back, but there could be a STDERR/STDOUT nag upon invocation for setting the users specific LetsEncrypt API key.

claudijd avatar May 09 '16 04:05 claudijd

Hi @claudijd,

We already are getting the XML files over https connections. @jnahorny fixed that some days ago.

https://github.com/SpiderLabs/cve_server/pull/17/commits/a9d6b4a62c1ad0e6172d923a274ea5c9d233d857

We are need are gonna dig on the acme-client.

Thank you for the advice.

Cheerz Sr. Claudius

karmatr0n avatar May 16 '16 15:05 karmatr0n