Comments (6)
Waiting on this: jfromaniello/selfsigned#35
from bankai.
It's definitely sub-optimal to be failing because the key is too weak. Any secured Linux distro will enforce the SSL DEFAULT@SECLEVEL=2, and compromising the security of the whole system for the sake of one module seems problematic.
This appears to be a NodeJS core TLS module issue?
from bankai.
Actually I just noticed selfsigned hardcodes one side of the cert to be 1024. I am making a PR to that project to respect keySize for both keys, which we should wait for before considering this fixed.
from bankai.
I think bankai's createKeys function can probably be updated to fix this somehow? I don't really know what it would look like, but if anyone's interested in trying to contribute a fix, this is probably the place to investigate!
Lines 110 to 179 in 858a25b
from bankai.
Looks like a fix was pre-emptively attempted in the past, but a typo led to it not working (keySize rather than days should have been set to 2048).
It's better to have keys expire frequently BTW, especially in this sort of situation where they are easily regenerated by trusted applications. I'd recommend using a 90 day expiry, the same as LetsEncrypt. This protects to some extent against key exfiltration by malware, bots etc. by limiting the amount of time an exfiltrated key can be used maliciously.
PR incoming...
from bankai.
Turns out the default expiration for selfsigned, which is doing the cert generation, is 30 days, which is more secure. So in my PR I've just switched days for keySize, meaning days will default to 30, which I suspect was the intention of the original edit.
from bankai.