Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

加密连接使用CA证书? #507

Closed
snowie2000 opened this issue Apr 15, 2020 · 0 comments
Closed

加密连接使用CA证书? #507

snowie2000 opened this issue Apr 15, 2020 · 0 comments
Labels
bug Something isn't working

Comments

@snowie2000
Copy link
Contributor

经过代码查看,我确定当选择加密时,nps会默认使用server.pem和server.key来进行tls连接。
但是,这些证书并不是动态生成的,默认情况下所有人使用的都是同一个证书,这就存在严重的安全隐患,大多数人并不会自己去用openssl生成一张证书。

另外nps自带的证书居然是一张ca证书?用ca证书做加解密这个操作真是很难看懂。

建议方案:

  • 不要使用tls方式,使用类似frp的aes加密,密码使用token等
  • 动态生成证书和密钥,保证每人不同
  • 不提供默认证书,在安装时调用openssl生成
@snowie2000 snowie2000 added the bug Something isn't working label Apr 15, 2020
@snowie2000 snowie2000 mentioned this issue Apr 15, 2020
Closed
kiririx pushed a commit to kiririx/nps that referenced this issue Jul 26, 2022
@ffdfgdfg
Merge pull request ehang-io#522 from ehang-io/pull/508, close ehang-i…
2153b62 
…o#507

Pull/508
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@snowie2000