Implement SSL for connections

[timgws]

Currently, there is no SSL on the HTTP API/Websocket connection.

[pataquets]

Would be nice to have, indeed. Sending keystrokes over LAN (which will include passwords) is very risky if you have some nasty eavesdropper.
Some kind of pairing/trusting process to safely exchange keys would be OK.

[timgws]

We do not send keystrokes over WebSockets at the moment, all key presses are sent over USB. This is not as serious an issue as is being made out.

Sending keystrokes over LAN (which will include passwords) is very risky if you have some nasty eavesdropper.

We don't ever do this. The KVM controller (eg, https://connectpro.com/products/udp2-14ap-displayport-1-4-kvm-switch-for-dual-monitors-and-4-systems) is responsible for sending keys directly to the machine over USB. What we (currently) don't do, is send the requests for swapping the inputs over SSL. This is much less of a security issue, however, still should be resolved by moving the websocket connection to https.