Date: Fri, 06 Feb 2015 18:01:32 +0100
From: Crest <crest@rlwinm.de>
To: freebsd-ports@freebsd.org
Subject: Re: pkg and https-based repo with self-signed cert
Message-ID: <54D4F36C.6050401@rlwinm.de>
In-Reply-To: <20150205205253.GQ44537@home.opsec.eu>
References: <20150205205253.GQ44537@home.opsec.eu>

On 05.02.2015 21:52, Kurt Jaeger wrote:
> Hi!
>
> How do I get pkg to accept a self-signed cert if the repo is running
> under https ?
>
> Thanks for any hints!

There is no need to use TLS as transport encryption, because repos can be signed. It's not only more efficient to transport unencrypted signed files than relying on transport encryption, it also allows repos to be replicated to untrusted mirrors and proxies.

There is no harm in encrypting your HTTP transfers with TLS if your package mirror has enough CPU power to spare. You gain little by encrypting your package downloads because a passive attacker can still fingerprint the fetched packages by their size and dependencies.
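
Added example, not part of the original message: a pkg repository configuration that relies on repository signing rather than TLS, as the reply above describes, shown next to the unsigned form it replaces. The file name, repository names, host `pkg.example.org` and key path are assumptions made for illustration.

```ucl
# /usr/local/etc/pkg/repos/internal.conf
# (hypothetical file name, repository names, host and key path)

# Weak: plain HTTP and no signature check. Any mirror, proxy or
# on-path host can alter what is delivered without pkg noticing.
internal_unsigned: {
  url: "http://pkg.example.org/${ABI}",
  signature_type: "none",
  enabled: no
}

# Corrected: the transport is still plain HTTP, but pkg checks the
# repository signature against a public key stored on the client.
# The private key stays on the build host, where the repository is
# signed with:  pkg repo <repo-dir> <private-key>
# Mirrors and proxies only relay files, so they need no trust.
internal_signed: {
  url: "http://pkg.example.org/${ABI}",
  signature_type: "pubkey",
  pubkey: "/usr/local/etc/ssl/pkg/internal.pub",
  enabled: yes
}
```

The public key has to reach each client over a channel that is already trusted, because every later download is verified against it.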