Question on GiveUpSecurityAndAcceptAnyTlsHostCertificate
Hi Martin,
First, thank you for WinSCP, yada yada yada :) :) Seriously - you are swesome!
A Question: My understanding on GiveUpSecurityAndAcceptAnyTlsHostCertificate (and the related GiveUpSecurityAndAcceptAnySshHostKey) is that it accepts any TLS/SSL certificate as valid.
You mention though (and I found a few forum posts from you) where you say that this is bad security, almost like being completely insecure.
I do not fully understand this. Correct me if I am wrong, but if you use these options, then the TLS/SSL (or host key) is still used and required, it's just that it will blindly accept whatever certificate or key the server presents, right?
The only way that would be insecure then is if the certificate or key was maliciously replaced on the server, correct? As long as the cert or key presented by the server is legitimate on the server, then using that option is not any less secure then specifying the specific cert/key to use by fingerprint, right?
That is what I assume, but some of your posts make me wonder if I have missed something and that really these options do something else also that make the connection not be secure.
I agree that using these do open the potential for the connection to be insecure and their use should generally be discouraged in most cases (though there can be legitimate uses for them). But I'm just trying to get my handle on the exact effect of using these options.
Thanks,
Chris
First, thank you for WinSCP, yada yada yada :) :) Seriously - you are swesome!
A Question: My understanding on GiveUpSecurityAndAcceptAnyTlsHostCertificate (and the related GiveUpSecurityAndAcceptAnySshHostKey) is that it accepts any TLS/SSL certificate as valid.
You mention though (and I found a few forum posts from you) where you say that this is bad security, almost like being completely insecure.
I do not fully understand this. Correct me if I am wrong, but if you use these options, then the TLS/SSL (or host key) is still used and required, it's just that it will blindly accept whatever certificate or key the server presents, right?
The only way that would be insecure then is if the certificate or key was maliciously replaced on the server, correct? As long as the cert or key presented by the server is legitimate on the server, then using that option is not any less secure then specifying the specific cert/key to use by fingerprint, right?
That is what I assume, but some of your posts make me wonder if I have missed something and that really these options do something else also that make the connection not be secure.
I agree that using these do open the potential for the connection to be insecure and their use should generally be discouraged in most cases (though there can be legitimate uses for them). But I'm just trying to get my handle on the exact effect of using these options.
Thanks,
Chris
