Project

General

Profile

Actions

Todo #63

closed

Change web interface default to HTTPS

Added by Chris Buechler over 15 years ago. Updated almost 15 years ago.

Status:
Resolved
Priority:
Normal
Assignee:
-
Category:
Web Interface
Target version:
Start date:
08/26/2009
Due date:
% Done:

100%

Estimated time:
Plus Target Version:
Release Notes:

Description

The web interface needs to change to HTTPS by default, probably with an auto redirect from HTTP to HTTPS to avoid user error support issues and invalidating all the existing information across the Internet.

A self-signed cert will have to be generated at first boot for new installs.

Actions #1

Updated by Scott Ullrich over 15 years ago

Are we proposing that HTTP no longer function as the webConfigurator and simply redirects to https?

What happens if the certificate somehow gets corrupted?

This is a novel idea but I question if we want this in 2.0. 3.0 seems more appropriate for this risky of a change.

Actions #2

Updated by Jim Pingle over 15 years ago

In this scenario would there also be a way to change back to HTTP if the user so chooses?

The way that browsers freak out these days about self-signed certificates, it might be a good idea to at least have it switch during the setup wizard, perhaps with some warning (and a means to opt out of the change?) as to what is about to happen.

At least at that point it should be fairly secure, since access to the interface would only be coming from the LAN.

Actions #3

Updated by Scott Ullrich about 15 years ago

  • Priority changed from Normal to Very Low
Actions #4

Updated by Chris Buechler about 15 years ago

  • Priority changed from Very Low to Normal

This is important for 2.0. Not one modern security appliance ships defaulted to HTTP. It's fine to allow people to switch back to HTTP if they so desire, but the majority run with the defaults from what I've seen, and we shouldn't have such an inappropriate default. There shouldn't ever be certificate problems (there are at this moment, granted, but once that bug is fixed it should be impossible to see cert problems aside from new bugs), but Set LAN IP can offer to revert to HTTP in such a case.

Actions #5

Updated by Scott Ullrich about 15 years ago

  • Status changed from New to Feedback

Committed. Seems to work. Please test.

Actions #6

Updated by Chris Buechler about 15 years ago

  • Status changed from Feedback to New

This works, but it needs to generate the cert at first boot as stated. Using a hard coded default cert is a major security problem, the cert cannot be publicly available.

Actions #7

Updated by Scott Ullrich about 15 years ago

I disagree with this. I do not think it is a good thing to need to prompt the user for 7+ items (cert authority items) on bootup to gain access to the webConfigurator.

Actions #8

Updated by Chris Buechler about 15 years ago

Don't have to prompt for anything, can generate a self-signed cert on the fly without any prompting. Just run:

openssl genrsa 1024 > ssl.key
chmod 400 ssl.key
openssl req -new -x509 -nodes -sha1 -days 365 -key ssl.key > ssl.crt
chmod 400 ssl.crt

HTTPS with a key that's public provides 0 security, and worse, implies security.

Actions #9

Updated by Scott Ullrich about 15 years ago

So generate a key outside of the new cert framework. Got it.

Actions #10

Updated by Scott Ullrich almost 15 years ago

  • Status changed from New to Resolved
  • % Done changed from 0 to 100
Actions #11

Updated by Chris Buechler almost 15 years ago

  • Status changed from Resolved to New
  • % Done changed from 100 to 90

This isn't quite done, to avoid support issues we need to redirect from HTTP to HTTPS (as a few other similar projects do) by default, with an option to disable. I have the config changes needed done, but need lighty's mod_redirect included in the builds before that can be committed.

need:
/usr/local/lib/lighttpd/mod_redirect.*

Also, lighttpd is 1.4.23, and 1.4.25 is the current FreeBSD port. 1.4.25 has many bug fixes, so we should probably bump the version.

Actions #12

Updated by Scott Ullrich almost 15 years ago

We already have 1.4.25

builder# cd /home/pfsense/tools/pfPorts/lighttpd/
builder# cat Makefile | grep VERSION
PORTVERSION= 1.4.25

Actions #13

Updated by Chris Buechler almost 15 years ago

That's not what is in 2.0 snapshots.

[]/root(1):lighttpd -v
lighttpd/1.4.23 (ssl) - a light and fast webserver
Build-Date: Nov 5 2009 17:41:08
[]/root(2):cat /etc/version
2.0-BETA1
[]/root(3):uname -a
FreeBSD pfS2.0-scratch1.buechler.local 8.0-RELEASE-p1 FreeBSD 8.0-RELEASE-p1 #0: Sat Dec 26 10:16:35 EST 2009 sullrich@FreeBSD_8.0_pfSense_2.0-snaps.pfsense.org:/usr/obj.pfSense/usr/pfSensesrc/src/sys/pfSense_SMP.8 i386

Actions #14

Updated by Chris Buechler almost 15 years ago

Trying that again.

[root@pfS2.0-scratch1.buechler.local]/root(1):lighttpd -v
lighttpd/1.4.23 (ssl) - a light and fast webserver
Build-Date: Nov  5 2009 17:41:08
[root@pfS2.0-scratch1.buechler.local]/root(2):cat /etc/ver
version             version.lastcommit  version_kernel      
version.buildtime   version_base        
[root@pfS2.0-scratch1.buechler.local]/root(2):cat /etc/version
2.0-BETA1
[root@pfS2.0-scratch1.buechler.local]/root(3):uname -a
FreeBSD pfS2.0-scratch1.buechler.local 8.0-RELEASE-p1 FreeBSD 8.0-RELEASE-p1 #0: Sat Dec 26 10:16:35 EST 2009     sullrich@FreeBSD_8.0_pfSense_2.0-snaps.pfsense.org:/usr/obj.pfSense/usr/pfSensesrc/src/sys/pfSense_SMP.8  i386
Actions #15

Updated by Scott Ullrich almost 15 years ago

  • Status changed from New to Feedback

Should be the latest on the snap just posted.

Actions #16

Updated by Chris Buechler almost 15 years ago

  • Status changed from Feedback to Resolved
  • % Done changed from 90 to 100
Actions

Also available in: Atom PDF