[Nut-upsdev] NUT I-D: Unencrypted communication

Manuel Wolfshant wolfy at nobugconsulting.ro
Mon Jan 3 12:23:26 GMT 2022


On 1/3/22 14:17, Roger Price wrote:
> I have received a comment from an embedded Windows XP user, concerned 
> at being forced to use TLS encrypted communication by low budget "RFC 
> conforming" UPS units which do not allow unencrypted communication.
I guess you meant _encrypted communication_ here
>
> Section 4.2.12 STARTTLS says « The client tells the Attachment Daemon 
> (2.1) to switch to TLS encrypted communication » but does not 
> explicitly say that if the command STARTTLS is not sent, the 
> Attachment and Management Daemons do not switch to encrypted 
> communication.
>
> https://www.ietf.org/archive/id/draft-rprice-ups-management-protocol-05.html#name-starttls 
>
>
> I propose adding the following sentence to section 4.2.12:
>
>  If the client does not send command STARTTLS to the Attachment Daemon
>  communication continues unencrypted. 


Sounds like a sane decision. Most [ low end ] UPSes do not know anything 
about encryption. What we can do is to recommend communication between 
upsd and ups-monitor to be encrypted.
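
Added example, not part of the original message or of the NUT code base: a client-side policy check for the STARTTLS behaviour discussed in this thread, which either accepts the plaintext fallback or refuses to continue when encryption is required. The reply strings `OK STARTTLS` and `ERR FEATURE-NOT-CONFIGURED`, the function names and the in-process fake daemon are assumptions made for illustration.

```python
import socket
import threading

class TLSRequired(Exception):
    """Policy demands TLS but the daemon would not switch."""

def read_line(sock):
    # Read byte-by-byte up to "\n" so nothing after the reply (for example
    # the start of a TLS handshake) is swallowed into a buffer.
    buf = bytearray()
    while not buf.endswith(b"\n"):
        chunk = sock.recv(1)
        if not chunk:
            break
        buf += chunk
    return buf.decode("ascii", "replace").strip()

def negotiate(sock, require_tls):
    """Send STARTTLS; return the mode the session is left in.

    "tls-ready": daemon agreed, caller must now run the TLS handshake.
    "plaintext": daemon declined and policy allows continuing unencrypted.
    """
    sock.sendall(b"STARTTLS\n")
    reply = read_line(sock)
    if reply == "OK STARTTLS":
        return "tls-ready"
    if require_tls:
        raise TLSRequired("daemon refused STARTTLS: %r" % reply)
    return "plaintext"

def fake_daemon(conn, supports_tls):
    # Constructed stand-in for the Attachment Daemon; replies are assumed.
    if read_line(conn) == "STARTTLS":
        reply = b"OK STARTTLS\n" if supports_tls else b"ERR FEATURE-NOT-CONFIGURED\n"
        conn.sendall(reply)
    conn.close()

def demo(supports_tls, require_tls):
    """Run one negotiation against the fake daemon over a local socket pair."""
    client, server = socket.socketpair()
    t = threading.Thread(target=fake_daemon, args=(server, supports_tls))
    t.start()
    try:
        return negotiate(client, require_tls)
    finally:
        client.close()
        t.join()
```

A client that never calls `negotiate` stays in plaintext, which is the case the proposed sentence for section 4.2.12 spells out.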