Certificates protection? #1419
Hello, I'm not very into the subject, but as far as I understand, when using rssguard there is no protection like Certificates Pinning or similar. Clawmail and some other clients have a feature where it asks you to trust the new certificate each time it changes; I think the feature was introduced before certificate pinning came as a feature, but at least it doesn't require the server to support it. Does that mean a rogue public wifi or tor exit node could just replace the certificate of a remote tinyrss server or other online accounts to get the account details?
Replies: 1 comment
Hi.
Yes, in RSS Guard all certificates are trusted by default. While I know that it "may" pose a security problem, this feature was not really requested by more people.
And to compromise HTTPS traffic, an attacker would have to hijack/infect your DNS setup somehow and redirect your traffic from your original tintinyrss address to a fake one, have a fake ttrss running etc. It's not really that easy.
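
The "ask before trusting a changed certificate" behaviour described in the question, as an added example (not code from RSS Guard or any other client mentioned here). `PinStore`, `connect_decision`, the host name and the certificate bytes are hypothetical and constructed for illustration.

```python
import hashlib
import hmac
import json
from pathlib import Path


class PinStore:
    """Trust-on-first-use store: host -> SHA-256 of the server's DER certificate."""

    def __init__(self, path):
        self.path = Path(path)
        self.pins = json.loads(self.path.read_text()) if self.path.exists() else {}

    @staticmethod
    def fingerprint(der_cert: bytes) -> str:
        return hashlib.sha256(der_cert).hexdigest()

    def check(self, host: str, der_cert: bytes) -> str:
        """Return 'new', 'match' or 'changed'; never stores anything itself."""
        known = self.pins.get(host.lower())
        if known is None:
            return "new"
        seen = self.fingerprint(der_cert)
        return "match" if hmac.compare_digest(known, seen) else "changed"

    def trust(self, host: str, der_cert: bytes) -> None:
        """Record the certificate after the user has explicitly accepted it."""
        self.pins[host.lower()] = self.fingerprint(der_cert)
        self.path.write_text(json.dumps(self.pins, indent=2))


def connect_decision(store, host, der_cert, ask_user):
    """Allow the connection only for a pinned cert or one the user accepts."""
    state = store.check(host, der_cert)
    if state == "match":
        return True
    if ask_user(host, state, PinStore.fingerprint(der_cert)):
        store.trust(host, der_cert)
        return True
    return False  # caller must close the connection before sending credentials


if __name__ == "__main__":
    import tempfile
    store = PinStore(Path(tempfile.mkdtemp()) / "pins.json")
    deny = lambda host, state, fp: False
    # Constructed stand-ins for DER bytes from getpeercert(binary_form=True).
    store.trust("rss.example", b"constructed-cert-A")
    print(connect_decision(store, "rss.example", b"constructed-cert-B", deny))
```

The decision has to be made after the TLS handshake and before any login request is written to the socket, otherwise the account details have already left the machine by the time the user is asked.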