WelcomeWelcome | FAQFAQ | DownloadsDownloads | WikiWiki
« previous next »
Pages: [1]   Go Down

Author Topic: Secure Extensions site  (Read 1578 times)

Offline innominate

  • Newbie
  • *
  • Posts: 12
Secure Extensions site
« on: July 30, 2013, 09:36:06 AM »
Greetings,

It looks like none of the mirrors for extensions use SSL.  Is there support for this in tce-load?

I'm concerned about this being exposed as a weak point in a security audit I'm undergoing so general thoughts on this would be very welcome.

Cheers,
Dave
Logged

Offline tinypoodle

  • Hero Member
  • *****
  • Posts: 3857
Re: Secure Extensions site
« Reply #1 on: July 30, 2013, 09:49:53 AM »
For one, there is no ssl included in base.
Logged
"Software gets slower faster than hardware gets faster." Niklaus Wirth - A Plea for Lean Software (1995)

Offline curaga

  • Administrator
  • Hero Member
  • *****
  • Posts: 11035
Re: Secure Extensions site
« Reply #2 on: July 30, 2013, 02:20:48 PM »
Given the extensions are public data, the only other info going over the wire is the fact you're requesting this or that extension. For identifying the mirror as genuine, depends on whether your adversaries have access to CA certs ;)

But as tinypoodle said, no SSL support in the base. It'd be about a meg for a SSL lib, then another meg for a list of CA certs and revocations.
« Last Edit: July 30, 2013, 02:23:07 PM by curaga »
Logged
The only barriers that can stop you are the ones you create yourself.
Pages: [1]   Go Up
« previous next »