Tiny Core Linux

Tiny Core Extensions => TCE Talk => Topic started by: innominate on July 30, 2013, 09:36:06 AM

Title: Secure Extensions site
Post by: innominate on July 30, 2013, 09:36:06 AM
Greetings,

It looks like none of the mirrors for extensions use SSL.  Is there support for this in tce-load?

I'm concerned about this being exposed as a weak point in a security audit I'm undergoing so general thoughts on this would be very welcome.

Cheers,
Dave
Title: Re: Secure Extensions site
Post by: tinypoodle on July 30, 2013, 09:49:53 AM
For one, there is no ssl included in base.
Title: Re: Secure Extensions site
Post by: curaga on July 30, 2013, 02:20:48 PM
Given the extensions are public data, the only other info going over the wire is the fact you're requesting this or that extension. For identifying the mirror as genuine, depends on whether your adversaries have access to CA certs ;)

But as tinypoodle said, no SSL support in the base. It'd be about a meg for a SSL lib, then another meg for a list of CA certs and revocations.