Home
Help
Search
Login
Register
OPNsense Forum
»
Archive
»
17.1 Legacy Series
»
Dynamic DNS Hardening on 17.1.2+
« previous
next »
Print
Pages: [
1
]
Author
Topic: Dynamic DNS Hardening on 17.1.2+ (Read 3538 times)
fabian
Hero Member
Posts: 2769
Karma: 200
OPNsense Contributor (Language, VPN, Proxy, etc.)
Dynamic DNS Hardening on 17.1.2+
«
on:
March 03, 2017, 07:48:19 pm »
Dear OPNsense users,
on a pull request we got, we found out, that dynamic DNS is having TLS certificate checks disables on most services.
I have tried some of them if the certificate of the service is trusted*.
First of all the good news - most of the tested services are trusted. But there is a downside: Some services experience issues when you use LibreSSL. The Bug is already fixed in LibreSSL but it did not went upstream yet as a production release.
I have enabled the certificate checks again on some services and this will go into the beta series of 17.7 and will be finally released then. In mean time we would be glad to hear some feedback if the patch is working. You may install it on your device via
Code:
[Select]
opnsense-patch f0f65fc
Find the full commit here to see which services are affected:
https://github.com/opnsense/core/commit/f0f65fc9ad1d7750bf1cb50d470accab93a9afd5
Stay safe
Fabian
* tried to use cURL on the command line which should use the same trust store as the scripts of OPNsense.
If you want to test the connection by yourself, run
Code:
[Select]
curl -v "https://example.com"
-v is for verbose, so the shell will show the result of the HTTPS handshake.
Edit: removed dot from command
«
Last Edit: March 03, 2017, 09:53:03 pm by fabian
»
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
Archive
»
17.1 Legacy Series
»
Dynamic DNS Hardening on 17.1.2+