[GH-ISSUE #77] SSL only updates #78

New issue

Closed

opened 2026-02-26 09:35:25 +03:00 by kerem · 4 comments

kerem commented

2026-02-26 09:35:25 +03:00

Owner

Originally created by @ThomasWaldmann on GitHub (Nov 5, 2013).
Original GitHub issue: https://github.com/nsupdate-info/nsupdate.info/issues/77

Option for host to disallow updates via http - making it SSL-updateable only.

https://github.com/asmaps/hopper.pw/issues/4

Originally created by @ThomasWaldmann on GitHub (Nov 5, 2013). Original GitHub issue: https://github.com/nsupdate-info/nsupdate.info/issues/77 Option for host to disallow updates via http - making it SSL-updateable only. https://github.com/asmaps/hopper.pw/issues/4

kerem

2026-02-26 09:35:25 +03:00

closed this issue
added the
enhancement

needs help

security
labels

kerem commented

2026-02-26 09:35:26 +03:00

Author

Owner

@ThomasWaldmann commented on GitHub (Nov 6, 2013):

Hmm, after thinking about it: is it really helpful?

If it is a per-host setting, the server would still listen to http updates. So if your router is insecurely configured or misbehaved, your password would go over the wire to the http service first (and then would be rejected as the host setting says SSL-only).

We currently display whether the updates are SSL or not in the hosts list, so it is the question what we would win with that setting.

@ThomasWaldmann commented on GitHub (Nov 6, 2013): Hmm, after thinking about it: is it really helpful? If it is a per-host setting, the server would still listen to http updates. So if your router is insecurely configured or misbehaved, your password would go over the wire to the http service first (and then would be rejected as the host setting says SSL-only). We currently display whether the updates are SSL or not in the hosts list, so it is the question what we would win with that setting.

kerem commented

2026-02-26 09:35:26 +03:00

Author

Owner

@ThomasWaldmann commented on GitHub (Nov 16, 2013):

looks like the only application of this is if the host on the service gets configured/created by someone else than the router / update-client. with a ssl-only setting, you could FORCE the one configuring the router to use SSL, because nothing else would work.
if the router does not support SSL (and/or SNI), it would not work at all, though.

@ThomasWaldmann commented on GitHub (Nov 16, 2013): looks like the only application of this is if the host on the service gets configured/created by someone else than the router / update-client. with a ssl-only setting, you could FORCE the one configuring the router to use SSL, because nothing else would work. if the router does not support SSL (and/or SNI), it would not work at all, though.

kerem commented

2026-02-26 09:35:26 +03:00

Author

Owner

@ThomasWaldmann commented on GitHub (Nov 27, 2013):

will close this as wontfix 3/2014 - except if someone really needs this and gives reasons here.

@ThomasWaldmann commented on GitHub (Nov 27, 2013): will close this as wontfix 3/2014 - except if someone really needs this and gives reasons here.

kerem commented

2026-02-26 09:35:26 +03:00

Author

Owner

@ThomasWaldmann commented on GitHub (Mar 9, 2014):

won't fix, see above

@ThomasWaldmann commented on GitHub (Mar 9, 2014): won't fix, see above

kerem referenced this issue

2026-02-26 10:31:53 +03:00

[PR #431] [MERGED] Integrate new logo #508