WelcomeWelcome | FAQFAQ | DownloadsDownloads | WikiWiki

Author Topic: Secure Extensions site  (Read 1643 times)

Offline innominate

  • Newbie
  • *
  • Posts: 12
Secure Extensions site
« on: July 30, 2013, 09:36:06 AM »
Greetings,

It looks like none of the mirrors for extensions use SSL.  Is there support for this in tce-load?

I'm concerned about this being exposed as a weak point in a security audit I'm undergoing so general thoughts on this would be very welcome.

Cheers,
Dave

Offline tinypoodle

  • Hero Member
  • *****
  • Posts: 3857
Re: Secure Extensions site
« Reply #1 on: July 30, 2013, 09:49:53 AM »
For one, there is no ssl included in base.
"Software gets slower faster than hardware gets faster." Niklaus Wirth - A Plea for Lean Software (1995)

Offline curaga

  • Administrator
  • Hero Member
  • *****
  • Posts: 11050
Re: Secure Extensions site
« Reply #2 on: July 30, 2013, 02:20:48 PM »
Given the extensions are public data, the only other info going over the wire is the fact you're requesting this or that extension. For identifying the mirror as genuine, depends on whether your adversaries have access to CA certs ;)

But as tinypoodle said, no SSL support in the base. It'd be about a meg for a SSL lib, then another meg for a list of CA certs and revocations.
« Last Edit: July 30, 2013, 02:23:07 PM by curaga »
The only barriers that can stop you are the ones you create yourself.