tutorial fails to meet its goal of allowing only permitted peers #984

Jacob-Burckhardt opened this issue Aug 19, 2022 · 0 comments

This documentation says:

> We assume it accepts messages only via TLS protected plain tcp based syslog from those peers that are explicitly permitted to send to it.

Despite the security goal being to allow only permitted peers, it actually allows other peers such as "man in the middle" peers as stated below:

The gtls page says:

> "anon" does not permit to authenticate the remote peer. As such, this mode is vulnerable to man in the middle attacks as well as unauthorized access. It is recommended NOT to use this mode. A certificate/key does not need to be configured in this authmode.

In the first link above, please consider changing anon to x509/name.
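
An added lint sketch, not part of the issue or of the rsyslog project: it scans rsyslog configuration text for the `anon` auth mode described above, and for an `x509/name` or `x509/fingerprint` setting with no permitted peer. The two sample configurations, the peer name and the file paths are constructed for illustration; the directive names are rsyslog's legacy and RainerScript TLS settings.

```python
import re

# rsyslog TLS auth-mode settings: legacy ($...) and RainerScript (name="value").
AUTHMODE_RE = re.compile(
    r'\$(?:InputTCPServer|ActionSend)StreamDriverAuthMode\s+(?P<legacy>\S+)'
    r'|StreamDriver\.?AuthMode\s*=\s*"(?P<rs>[^"]+)"', re.I)
PEER_RE = re.compile(
    r'\$(?:InputTCPServer|ActionSend)StreamDriverPermittedPeer\s+\S+'
    r'|PermittedPeers?\s*=', re.I)

# Constructed sample: receiver that accepts any TLS peer.
WEAK_SAMPLE = """\
$DefaultNetstreamDriver gtls
$ModLoad imtcp
$InputTCPServerStreamDriverMode 1
$InputTCPServerStreamDriverAuthMode anon
$InputTCPServerRun 6514
"""

# Constructed sample: same receiver with certificate name checking.
# Paths and the peer name are placeholders.
FIXED_SAMPLE = """\
$DefaultNetstreamDriver gtls
$DefaultNetstreamDriverCAFile /etc/rsyslog.d/tls/ca.pem
$DefaultNetstreamDriverCertFile /etc/rsyslog.d/tls/server-cert.pem
$DefaultNetstreamDriverKeyFile /etc/rsyslog.d/tls/server-key.pem
$ModLoad imtcp
$InputTCPServerStreamDriverMode 1
$InputTCPServerStreamDriverAuthMode x509/name
$InputTCPServerStreamDriverPermittedPeer client.example.net
$InputTCPServerRun 6514
"""

def audit(config_text):
    """Return (line_number, message) findings for TLS peer-auth settings."""
    modes, has_peer = [], False
    for lineno, raw in enumerate(config_text.splitlines(), 1):
        line = raw.split("#", 1)[0]          # drop trailing comments
        has_peer = has_peer or bool(PEER_RE.search(line))
        for m in AUTHMODE_RE.finditer(line):
            modes.append((lineno, (m.group("legacy") or m.group("rs")).lower()))
    findings = []
    for lineno, mode in modes:
        if mode == "anon":
            findings.append((lineno, "authmode anon: remote peer is not authenticated"))
        elif mode in ("x509/name", "x509/fingerprint") and not has_peer:
            # File-wide heuristic: no permitted-peer setting anywhere in this text.
            findings.append((lineno, f"{mode} set but no permitted peer listed"))
    return findings
```

`audit(WEAK_SAMPLE)` reports line 4; `audit(FIXED_SAMPLE)` returns an empty list.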
