HSTS-like feature to prevent end user from clicking through a TLS certificate warning (Anti MITM) #6224
Labels: certificate, client, feature-request (This issue or PR deals with a new feature), help wanted (Good community contribution opportunities), server
Context
TLS/SSL Security / Remote Server authentication / Anti MITM
Description
Ideally, the server owner should be able to set a flag server side to force client-side TLS signature verification for a configurable & refreshing period of time (like HSTS).
This would not be intended to prevent all MITM scenarios, as the flag could in theory be unset by an attacker on first connection, but the user would still get a warning of the event.
Screenshot shows current behavior, which should probably remain the default server-side to keep the software accessible (unless you want the user to be able to manually cache the untrusted certificate fingerprint first, then enable strict verification on every connection post that initial event).
Thanks for everything!
Mumble component
Both
OS-specific?
No
Additional information
No response
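The client-side bookkeeping this request describes, as an added C++ example for illustration; it is not Mumble code, and the type names, the strict flag and the max-age field are assumptions. It follows HSTS in accepting policy changes only from connections whose certificate verified, so an interceptor presenting a bad certificate cannot switch the policy off.

```cpp
#include <cstdint>
#include <map>
#include <string>

// Hypothetical client-side store for an HSTS-like "strict TLS" policy.
// All names are illustrative assumptions; none of this is Mumble's API.
enum class Decision { Connect, WarnAllowOverride, Block };

struct Handshake {
    bool certValid;         // certificate verified (assumed: chain/host name or stored pin)
    bool strictAdvertised;  // server sent the strict-verification flag
    int64_t maxAgeSeconds;  // lifetime requested by the server, 0 = clear
};

class StrictTlsStore {
public:
    // Decide what the client does for one connection attempt at time `now`
    // (seconds), then update the stored policy the way HSTS does.
    Decision onConnect(const std::string &host, const Handshake &hs, int64_t now) {
        auto it = m_expiry.find(host);
        if (it != m_expiry.end() && it->second <= now) {
            m_expiry.erase(it);  // policy lapsed, back to default behaviour
            it = m_expiry.end();
        }
        const bool strict = (it != m_expiry.end());

        if (!hs.certValid) {
            // An unverified peer never sets, refreshes or clears the policy.
            return strict ? Decision::Block : Decision::WarnAllowOverride;
        }
        if (hs.strictAdvertised && hs.maxAgeSeconds > 0) {
            m_expiry[host] = now + hs.maxAgeSeconds;  // set or refresh
        } else if (hs.strictAdvertised) {
            m_expiry.erase(host);  // max-age 0 from a verified server clears
        }
        return Decision::Connect;
    }

    bool isStrict(const std::string &host, int64_t now) const {
        auto it = m_expiry.find(host);
        return it != m_expiry.end() && it->second > now;
    }

private:
    std::map<std::string, int64_t> m_expiry;  // host -> expiry time in seconds
};
```

The first connection is still unprotected: with no stored policy, a failed verification falls back to the click-through warning the issue wants to keep as the default.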