Skip to content
New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Jump to bottom

加密连接使用CA证书? #507

Closed
snowie2000 opened this issue Apr 15, 2020 · 0 comments
Closed

加密连接使用CA证书? #507

snowie2000 opened this issue Apr 15, 2020 · 0 comments
Labels
bug Something isn't working

Comments

@snowie2000
Copy link
Contributor

经过代码查看,我确定当选择加密时,nps会默认使用server.pem和server.key来进行tls连接。
但是,这些证书并不是动态生成的,默认情况下所有人使用的都是同一个证书,这就存在严重的安全隐患,大多数人并不会自己去用openssl生成一张证书。

另外nps自带的证书居然是一张ca证书?用ca证书做加解密这个操作真是很难看懂。

建议方案:

  • 不要使用tls方式,使用类似frp的aes加密,密码使用token等
  • 动态生成证书和密钥,保证每人不同
  • 不提供默认证书,在安装时调用openssl生成
@snowie2000 snowie2000 added the bug Something isn't working label Apr 15, 2020
@snowie2000 snowie2000 mentioned this issue Apr 15, 2020
Closed
kiririx pushed a commit to kiririx/nps that referenced this issue Jul 26, 2022
@ffdfgdfg
Merge pull request ehang-io#522 from ehang-io/pull/508, close ehang-i…
2153b62 
…o#507

Pull/508
# for free to join this conversation on GitHub. Already have an account? # to comment
Assignees
No one assigned
Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@snowie2000