[Tickets #13730] Implementation of peer verification in TLS connections
noreply at bugs.horde.org
Mon Dec 1 00:02:59 UTC 2014
PLEASE DO NOT REPLY TO THIS MESSAGE. MESSAGES SENT TO THIS
E-MAIL ADDRESS ARE NOT READ.
Ticket-URL: https://bugs.horde.org/ticket/13730
------------------------------------------------------------------------------
Ticket | 13730
Created By | m_horde at secure.mailbox.org
Summary | Implementation of peer verification in TLS connections
Queue | Horde Framework Packages
Type | Enhancement
Status | New
Priority | 1. Low
Milestone |
Patch | 1
Owners |
------------------------------------------------------------------------------
m_horde at secure.mailbox.org (2014-12-01 00:02) wrote:
Horde does not verify the peer certificate during TLS handshake and
accepts all ciphers when acting as client. This is probably to enable
self-signed certificates. However, in an environment where a secure
connection matters this behavior is not acceptable. Therefore I added
the possibility to enable peer verification and cipher selection. These
options can be found in the openssl tab in horde's configuration. If
enabled, these options will be used by client.php to verify the peer
certificate during the TLS handshake.
=== Benefits and Limitations ===
The main benefit is to enforce a secure connection between the server
running horde and the backend server. Other security measurements
(e.g. fingerprint checking) provided by PHP are not part of this
implementation.
=== Regressions ===
The patch was only checked with an IMAP server as backend. However,
the changes have no effect until the peer verification is deliberately
enabled. So, there should not be any regressions.
m_horde at secure.mailbox.org (2014-12-01 00:02) uploaded:
0001-Implementation-of-peer-verification-in-TLS-connectio.patch
https://bugs.horde.org/h/services/download/?app=whups&actionID=download_file&file=0001-Implementation-of-peer-verification-in-TLS-connectio.patch&ticket=13730&fn=%2F0001-Implementation-of-peer-verification-in-TLS-connectio.patch
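
To illustrate the opt-in behaviour the ticket describes, the following is an added example, not code from the uploaded patch or from Horde. It maps an administrator setting onto PHP's `ssl` stream context options and fails closed when verification is requested but no CA bundle is readable. The config keys, the host `imap.example.org`, the CA bundle path and the cipher string are assumptions; it needs PHP 7 or later.

```php
<?php
// Added example: the $conf keys are hypothetical, not Horde's configuration names.

/** Translate admin settings into PHP "ssl" stream context options. */
function tls_context_options(array $conf, string $host): array
{
    if (empty($conf['verify_peer'])) {
        // Behaviour the ticket describes as the default: any certificate is accepted.
        return ['verify_peer' => false, 'verify_peer_name' => false,
                'allow_self_signed' => true];
    }
    if (empty($conf['cafile']) || !is_readable($conf['cafile'])) {
        // Fail closed instead of silently falling back to an unverified connection.
        throw new RuntimeException('Peer verification enabled but CA bundle is not readable');
    }
    $opts = [
        'verify_peer'       => true,    // chain must lead to a CA in cafile
        'verify_peer_name'  => true,    // certificate must match the host name
        'peer_name'         => $host,
        'allow_self_signed' => false,
        'cafile'            => $conf['cafile'],
    ];
    if (!empty($conf['ciphers'])) {
        $opts['ciphers'] = $conf['ciphers'];   // OpenSSL cipher list string
    }
    return $opts;
}

/** Open an implicit-TLS connection; the handshake fails if verification fails. */
function open_backend(string $host, int $port, array $conf)
{
    $ctx = stream_context_create(['ssl' => tls_context_options($conf, $host)]);
    $fp = @stream_socket_client("tls://$host:$port", $errno, $errstr, 10,
                                STREAM_CLIENT_CONNECT, $ctx);
    if ($fp === false) {
        throw new RuntimeException("TLS connection to $host:$port failed: $errstr ($errno)");
    }
    return $fp;
}

// Constructed sample settings; host, CA path and cipher list are placeholders.
$conf = ['verify_peer' => true, 'cafile' => '/etc/ssl/certs/ca-certificates.crt',
         'ciphers' => 'HIGH:!aNULL:!MD5:!RC4'];
try {
    $fp = open_backend('imap.example.org', 993, $conf);
    echo fgets($fp);   // server greeting, only reached after the certificate was verified
    fclose($fp);
} catch (RuntimeException $e) {
    fwrite(STDERR, $e->getMessage() . "\n");
    exit(1);
}
```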