SSL / TLS changes
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
Evergreen | New | Wishlist | Unassigned | |
Bug Description
This is a wishlist item to start some discussion around making 2 changes to Evergreen's handling of TLS.
1. Given the existence of Let's Encrypt and the fact that encrypted communications aren't that large a drain on modern hardware, TLS should simply be required and assumed across the board. This could be reflected in our sample configs.
2. Enforcing #1 should also be the responsibility of Apache or nginx, not OpenILS:
What do folks think?
tags: added: apache
+1 to both suggestions.
With Hatch using native messaging, is websockets on localhost still a concern?