Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Cloudflare's certificate sharing #91

Closed
Hunter-Github opened this issue Apr 29, 2015 · 2 comments
Closed

Cloudflare's certificate sharing #91

Hunter-Github opened this issue Apr 29, 2015 · 2 comments

Comments

@Hunter-Github
Copy link

The choice of certificate is rather unfortunate. The SANs are shared with, among others:

  • icanhazmeow.com
  • warezfiles.ru

It's weird to see a site dedicated to keeping secrets co-located with a "warez" host. The server gets an A grade from Qualys, and no one complained about CloudFlare so far, but the co-tenancy is kinda risky (see https://security.stackexchange.com/a/37038/13820).
@sethvargo
Copy link
Contributor

Hi @Hunter-Github

Thank you for opening an issue. I definitely understand your concerns about the shared certificate. We use CloudFlare as our CDN. We also value the importance of secured connections, so we want to run Vault's website over SSL. However, given that no secure information is exchanged via the website, I think the attack framework here is rather small. Obviously you would never run a Vault server on a shared certificate, but for the purposes of a product website, I think it is fine. What do you think?

@Hunter-Github
Copy link
Author

I can see your perspective now. Thanks a bunch for answering.

@wuub wuub mentioned this issue Aug 31, 2017
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@sethvargo @Hunter-Github