[Nut-upsdev] NUT I-D: Unencrypted communication

Manuel Wolfshant wolfy at nobugconsulting.ro
Mon Jan 3 12:23:26 GMT 2022

On 1/3/22 14:17, Roger Price wrote:
> I have received a comment from a embedded Windows XP user, concerned 
> at being forced to use TLS encrypted communication by low budget "RFC 
> conforming" UPS units which do not allow unencrypted communication.
I guess you meant _encrypted communication_ here
> Section 4.2.12 STARTTLS says « The client tells the Attachment Daemon 
> (2.1) to switch to TLS encrypted communication » but does not 
> explicitly say that if the command STARTTLS is not sent, the 
> Attachment and Management Daemons do not switch to encrypted 
> communication
> https://www.ietf.org/archive/id/draft-rprice-ups-management-protocol-05.html#name-starttls 
> I propose adding the following sentence to section 4.2.12:
>  If the client does not send command STARTTLS to the Attachment Daemon
>  communication continues unencrypted. 

Sounds like a sane decision. Most [ low end ] UPSes do not know anything 
about encryption. What we can do is to recommend communication between 
upsd and ups-monitor to be encrypted.

More information about the Nut-upsdev mailing list