Add some background on cert validation.

This commit is contained in:
Valentin Lorentz 2016-02-24 18:45:28 +01:00
parent f6b9c19dc8
commit 574b1269dc


@ -24,7 +24,22 @@ Network connections / SSL
Background on SSL certification validation
------------------------------------------
to do
It is often believed using SSL magically makes impossible any attack on your
connection (from the bot to the server).
It is true that it prevents passive eavesdropping, but other attack methods
are still possible.
The main one involves man-in-the-middle, ie. someone acting as a proxy between
you (your bot, in that case) and the IRC network.
If certificates are not validated, the attacker can allow you to connect
to itself using their own SSL certificate, and you would never know about it.
This is why it is important to check the SSL certificate of the server
you connect to: an attacker cannot spoof a certificate, or the trust of
a Certificate Authority in a network's certificates.
Of course, this assumes there is no bug in your SSL library, the network's,
and the protocols involved.
Certificate validation in Limnoria
----------------------------------
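Review bot: the sentence "an attacker cannot spoof a certificate, or the trust of a Certificate Authority in a network's certificates" is hard to parse and overstates the guarantee; consider stating what validation actually gives you, e.g. "with validation enabled, an attacker cannot present a certificate for the network's hostname unless they hold that network's private key or can obtain a certificate from a CA your trust store accepts", and mention that the check must include matching the certificate against the hostname you intended to connect to, not only the CA chain. Smaller points in the same hunk: "ie." should be "i.e.", and "the attacker can allow you to connect to itself" reads better as "the attacker can make your bot connect to them instead".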