[Xastir] https server is now operational

Tom Hayward esarfl at gmail.com
Wed Jun 25 13:28:21 EDT 2014


On Wed, Jun 25, 2014 at 7:32 AM, Eric H. Christensen
<eric at christensenplace.us> wrote:
> Also, it appears that the server supports EXPORT cipher suites.  I'd recommend just supporting HIGH ciphers.

Thinking a little more outside the box, how about supporting null
cipher, for those users coming from ham RF networks? By
supporting HIGH and eNULL, the browser gets to choose. Most browsers
will choose HIGH, unless the ham has specifically configured their
browser not to allow encryption.

How is this secure compared to plain text http?
1) The remote server is authenticated (not currently the case, because
Curt did not tell us which self-signed cert to expect. Maybe he could
send a PGP-signed message to let us know what key to expect on the
server, or get his cert signed by one of the free, trusted CAs like
StartCom)
2) You can turn on SSL client authentication and use it in lieu of
passwords. There's a MediaWiki extension for this:
http://www.mediawiki.org/wiki/Extension:SSL_authentication, and the
ARRL signs certificates, free (free world-wide, regardless of
membership), that can be trusted more than a CAPTCHA.

Tom KD7LXL
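
Added example, not part of the original message or of the Xastir project: a small Python audit that flags the suite classes this thread is about (EXPORT, eNULL, and unauthenticated aNULL suites) in a list of OpenSSL cipher suite names. The function names and the sample list are constructed for illustration; `expand()` asks the local OpenSSL what a cipher string such as `HIGH:eNULL` actually selects.

```python
import ssl

def classify(name):
    """Return the weaknesses implied by an OpenSSL cipher suite name."""
    parts = name.split("-")
    findings = set()
    if parts[0] == "EXP":                       # export-grade key lengths
        findings.add("export")
        parts = parts[1:]
    if "NULL" in parts:                         # eNULL: integrity only, no encryption
        findings.add("no-encryption")
    if parts and parts[0] in ("ADH", "AECDH"):  # aNULL: server is not authenticated
        findings.add("no-authentication")
    return findings

def audit(names):
    """Map each problematic suite name to its sorted list of findings."""
    report = {}
    for name in names:
        findings = classify(name)
        if findings:
            report[name] = sorted(findings)
    return report

def expand(cipher_string):
    """Suites the local OpenSSL selects for a cipher string ([] if none match)."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    try:
        ctx.set_ciphers(cipher_string)
    except ssl.SSLError:
        return []
    return [c["name"] for c in ctx.get_ciphers()]

# Constructed sample: suite names as a scanner might report them for a server.
SAMPLE = [
    "ECDHE-RSA-AES256-GCM-SHA384", "AES256-SHA", "TLS_AES_256_GCM_SHA384",
    "EXP-RC4-MD5", "EXP-ADH-DES-CBC-SHA", "NULL-SHA", "ADH-AES256-SHA",
]

if __name__ == "__main__":
    for suite, findings in audit(SAMPLE).items():
        print(f"{suite}: {', '.join(findings)}")
    # What the cipher string proposed in the message selects on this machine.
    print("HIGH:eNULL ->", audit(expand("HIGH:eNULL")) or "no flagged suites")
```

The output of `expand()` depends on the local OpenSSL build and its security level; OpenSSL 1.1.0 and later no longer ship EXPORT suites at all.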
