[Tickets #13730] Implementation of peer verification in TLS connections

noreply at bugs.horde.org noreply at bugs.horde.org
Mon Dec 1 00:02:59 UTC 2014


DO NOT REPLY TO THIS MESSAGE. MESSAGES SENT TO THIS  
E-MAIL ADDRESS ARE NOT READ.

Ticket-URL: https://bugs.horde.org/ticket/13730
------------------------------------------------------------------------------
  Ticket           | 13730
  Created By       | m_horde at secure.mailbox.org
  Summary          | Implementation of peer verification in TLS connections
  Queue            | Horde Framework Packages
  Type             | Enhancement
  Status           | New
  Priority         | 1. Low
  Milestone        |
  Patch            | 1
  Owners           |
------------------------------------------------------------------------------


m_horde at secure.mailbox.org (2014-12-01 00:02) wrote:

Horde does not verify the peer certificate during TLS handshake and  
accepts all ciphers when acting as client. This is probably to enable  
self-signed certificates. However, in an environment where a secure  
connection matters this behavior is not acceptable. Therefore I added  
the possibility to enable peer verification and cipher selection. These  
options can be found in the openssl tab in horde's configuration. If  
enabled, these options will be used by client.php to verify the peer  
certificate during the TLS handshake.

=== Benefits and Limitations ===
The main benefit is to enforce a secure connection between the server  
running horde and the backend server. Other security measurements  
(e.g. fingerprint checking) provided by PHP are not part of this  
implementation.

=== Regressions ===
The patch was only checked with an IMAP server as backend. However,  
the changes have no effect until the peer verification is deliberately  
enabled. So, there should not be any regressions.



m_horde at secure.mailbox.org (2014-12-01 00:02) uploaded:  
0001-Implementation-of-peer-verification-in-TLS-connectio.patch

https://bugs.horde.org/h/services/download/?app=whups&actionID=download_file&file=0001-Implementation-of-peer-verification-in-TLS-connectio.patch&ticket=13730&fn=%2F0001-Implementation-of-peer-verification-in-TLS-connectio.patch
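
The peer verification and cipher selection described in the ticket map onto PHP's `ssl` stream-context options. The following is an added example, not the attached patch or Horde's own code; the `$conf` keys, the host name and the CA bundle path are assumptions.

```php
<?php
// Added example, not Horde code. The $conf keys are hypothetical stand-ins
// for the two settings the ticket describes.

/** Build the 'ssl' stream-context options for an outgoing TLS connection. */
function tls_client_options(array $conf, string $host): array
{
    if (empty($conf['verify_peer'])) {
        // Behaviour the ticket describes: no certificate check, any cipher.
        return ['verify_peer' => false, 'verify_peer_name' => false,
                'allow_self_signed' => true];
    }
    $opts = [
        'verify_peer'       => true,  // chain must validate against a trusted CA
        'verify_peer_name'  => true,  // certificate must match $host (PHP >= 5.6)
        'allow_self_signed' => false,
        'peer_name'         => $host,
        'SNI_enabled'       => true,
    ];
    if (!empty($conf['cafile'])) {
        $opts['cafile'] = $conf['cafile'];   // PEM bundle of trusted CAs
    }
    if (!empty($conf['ciphers'])) {
        $opts['ciphers'] = $conf['ciphers']; // OpenSSL cipher-list string
    }
    return $opts;
}

/**
 * Open a TCP connection and negotiate TLS on it (implicit TLS, e.g. IMAPS).
 * With STARTTLS, the protocol's command exchange precedes the upgrade call.
 */
function connect_tls(string $host, int $port, array $conf)
{
    $ctx = stream_context_create(['ssl' => tls_client_options($conf, $host)]);
    $fp = stream_socket_client("tcp://$host:$port", $errno, $errstr, 10,
                               STREAM_CLIENT_CONNECT, $ctx);
    if ($fp === false) {
        throw new RuntimeException("connect failed: $errstr ($errno)");
    }
    if (stream_socket_enable_crypto($fp, true, STREAM_CRYPTO_METHOD_TLS_CLIENT) !== true) {
        fclose($fp); // fail closed: never continue on an unverified channel
        throw new RuntimeException("TLS handshake or verification failed: $host");
    }
    return $fp;
}

// Constructed sample configuration; host and CA path are placeholders.
$conf = ['verify_peer' => true, 'cafile' => '/etc/ssl/certs/ca-certificates.crt',
         'ciphers' => 'HIGH:!aNULL:!MD5'];
var_export(tls_client_options($conf, 'imap.example.org'));
```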




