[GH-ISSUE #6] Require encrypted gRPC communication #3

New issue

Open

opened 2026-02-25 22:30:56 +03:00 by kerem · 0 comments

kerem commented

2026-02-25 22:30:56 +03:00

Owner

Originally created by @evenh on GitHub (Jan 20, 2019).
Original GitHub issue: https://github.com/evenh/intercert/issues/6

Currently insecure communication (no TLS) is used between the client and the server. This is bad a security related application :trollface:

A suggested fix would be to:

Extend server configuration to include properties for supplying a certificate + private key. The client configuration should include configuration for specifying a public key.
Bundle a hardcoded/generated TLS cert for using without explicit configuring custom TLS certs. When used in this mode, a very prominent warning should be logged both on the server and in the client, to encourage users to supply their own certs.

Originally created by @evenh on GitHub (Jan 20, 2019). Original GitHub issue: https://github.com/evenh/intercert/issues/6 Currently insecure communication (no TLS) is used between the client and the server. This is bad a security related application :trollface: A suggested fix would be to: 1. Extend server configuration to include properties for supplying a certificate + private key. The client configuration should include configuration for specifying a public key. 2. Bundle a hardcoded/generated TLS cert for using without explicit configuring custom TLS certs. When used in this mode, a very prominent warning should be logged both on the server and in the client, to encourage users to supply their own certs.