Now that we're actually doing authentication when talking to the Cuckoo API (#91) the next logical step is to make sure we're talking to the right server and encrypt the connection so the authentication token isn't compromised. Both would be handled by switching the API connection to HTTPS.
This might be possible without any code change by adjusting the url parameter in peekaboo.conf:cuckoo. It would require the CA cert of the Cuckoo API's certificate to be in the system-wide cert store, though. Since it's an internal backend connection, users will likely want to use self-signed or non-official-CA-signed certificates for it. So we should at the very least allow an alternate CA cert path.
Additionally, when using an official CA we should account for certificate revocation and therefore allow configuration and checking of a CRL or OCSP responder (Phew but the right way to do it[tm] IMO).
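The verification behaviour requested above, as an added example that is not part of the original issue or Peekaboo's own code. Only `url` and the `cuckoo` section come from the issue; the option names `tls_ca_file` and `tls_crl_file`, the sample host and paths, and both helper functions are hypothetical.

```python
import configparser
import ssl
from urllib.parse import urlsplit

# Constructed sample config. Only `url` is named in the issue; `tls_ca_file`
# and `tls_crl_file` are hypothetical option names used for illustration.
SAMPLE_CONF = """
[cuckoo]
url = https://cuckoo.internal.example:8090
# tls_ca_file = /etc/peekaboo/cuckoo-ca.pem
# tls_crl_file = /etc/peekaboo/cuckoo-ca.crl.pem
"""


def load_cuckoo_tls_settings(conf_text):
    """Return (url, ca_file, crl_file); refuse any non-HTTPS API URL."""
    parser = configparser.ConfigParser()
    parser.read_string(conf_text)
    section = parser["cuckoo"]
    url = section["url"]
    # A plain-http URL would send the API token in the clear, so fail early.
    if urlsplit(url).scheme != "https":
        raise ValueError("Cuckoo API url must use https, got %r" % url)
    return url, section.get("tls_ca_file"), section.get("tls_crl_file")


def build_tls_context(ca_file=None, crl_file=None):
    """Client context verifying chain and hostname, optionally against a CRL."""
    # With ca_file set, only that bundle is trusted (self-signed or internal
    # CA); with None, the system-wide certificate store is loaded instead.
    ctx = ssl.create_default_context(cafile=ca_file)
    if crl_file:
        # PEM CRLs are loaded through the same call as CA certificates.
        ctx.load_verify_locations(cafile=crl_file)
        # Reject the server certificate if the CRL lists it as revoked.
        ctx.verify_flags |= ssl.VERIFY_CRL_CHECK_LEAF
    return ctx


if __name__ == "__main__":
    url, ca_file, crl_file = load_cuckoo_tls_settings(SAMPLE_CONF)
    context = build_tls_context(ca_file, crl_file)
    print(url, context.verify_mode, context.check_hostname)
```

The resulting context can be passed to `urllib.request.urlopen(url, context=...)`. OCSP checking is not covered here, since the standard `ssl` module offers no built-in OCSP client.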