[Nut-upsdev] NUT I-D: Unencrypted communication
Roger Price
roger at rogerprice.org
Mon Jan 3 17:35:40 GMT 2022
On Mon, 3 Jan 2022, Manuel Wolfshant wrote:
> On 1/3/22 14:17, Roger Price wrote:
>> I propose adding the following sentence to section 4.2.12:
>>
>> If the client does not send command STARTTLS to the Attachment Daemon
>> communication continues unencrypted.
>
> Sounds like a sane decision. Most [ low end ] UPSes do not know anything
> about encryption. What we can do is to recommend communication between upsd
> and ups-monitor to be encrypted.
Should the Attachment Daemon upsd be able to defend itself against unencrypted
access from misconfigured or possibly hostile clients?
If so, how is this to be configured in the Attachment Daemon upsd?
Is the presence of a CERTFILE or CERTIDENT declaration in upsd.conf sufficient?
Roger
More information about the Nut-upsdev
mailing list