Comments (5)
What behavior needs to be modified in order for it to be secure? I can try to document this but I'm not sure I understand the issue.
from http2-grpc-haskell.
When a browser (e.g. Firefox or Chrome) opens a website (e.g. github.com), then it uses a "secure-by-default" approach. This means it will prefer HTTPS over HTTP, and when using HTTPS, it will prefer certain TLS ciphers over others, and it will validate that the TLS certificates used on the website are valid (have not expired, have been signed by a trusted root certificate). When something is not in order according to its built-in secure-by-default behaviour, it will show a big warning and not load the website in question. See for example the pages on https://badssl.com/ where you can see a range of those problems that your browser will warn you about. You, the user of your browser, will be to some extent protected because the software you use has good defaults.
Now, that is not the case with this grpc client. grpcClientConfigSimple not only simply uses the defaults of the underlying TLS library, but it actively turns off any kind of even basic TLS certificate validation. So when using the grpcClientConfigSimple function with TLS, I will get no indication if the grpc server I connect to has an invalid TLS certificate. No trust store is checked, expiration is ignored, ciphers are not considered, etc.
In general, using TLS means there is some encryption at the transport layer. This is however only useful if that encryption can A) not be easily broken (e.g. by using weak ciphers) and B) there is a check made to ensure the entity you wish to send some payload to is actually the entity you expect - and not a man-in-the-middle attacker.
The current grpc client creation behaviour is unexpected and downright dangerous behaviour: Unassuming users of this library can create software which will be used by real people who expect a certain amount of default security, which is currently absent.
I can understand that for testing purposes you may wish to have a function that is insecure. But that should not be the only function, and it should clearly state that it is insecure.
As it stands, not only am I as the user of haskell-grpc-native misled when using the library with TLS, as I assume some basic validation (that's the regular expectation I have come to expect when using tools on the internet these days) which has been turned off with TLS.onServerCertificate = \_ _ _ _ -> return [], but in addition I do not have any alternative function from this library that I can use which gives me a TLS connection that has some basic checks performed.
Could you please:
- document that the default behaviour is insecure (at a minimum)
- rename grpcClientConfigSimple to grpcClientConfigInsecure and add haddocks stating that no TLS checks are performed (this would be appreciated!)
- if you have the time, add another function which does not turn off TLS checks, or even allows a user of the library to hook their own TLS configuration into it when creating a grpc client.
Does that make more sense now?
from http2-grpc-haskell.
Perfect. Thank you for the detailed request. I have just been given co-maintainership of the project. I will not have the chance to address this for the next week or so but hope to be able to get back to it after June 10th.
from http2-grpc-haskell.
@ProofOfKeags What is the story behind this suppression function? As far as I can see, Network.TLS has a default implementation: https://hackage.haskell.org/package/x509-validation-1.6.11/docs/src/Data.X509.Validation.html#validateDefault . Isn't it good enough? Can we just use it?
from http2-grpc-haskell.
I don't see why not at first glance. As long as the way we add it in doesn't stop us from writing a custom one or swapping out another value of that type. The main non-default use case is adding additional RootCA certificates to the set that is extracted from the system.
from http2-grpc-haskell.
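The two configurations discussed in this thread side by side, as an added example that is not code from http2-grpc-haskell or from the tls library. It is written against the tls 1.x and x509-store/x509-validation/x509-system APIs: the first function reproduces the hook quoted in the first comment, which discards every validation failure; the second keeps the tls default onServerCertificate (validateDefault, as asked in the later comment) and builds a trust store from the system roots plus caller-supplied root CA files, which is the "additional RootCA certificates" use case from the last comment; the third shows a custom hook layered on the default without swallowing its result. The names insecureParams, secureParams and loggingValidation and the list of CA file paths are assumptions; how the resulting ClientParams is handed to the gRPC client config is not shown.

```haskell
{-# LANGUAGE OverloadedStrings #-}
-- Added example (not code from http2-grpc-haskell or tls); assumes the tls 1.x
-- API with Data.Default's 'def', and the x509-store / x509-validation /
-- x509-system packages.
module GrpcTlsParams
  ( insecureParams
  , secureParams
  , loggingValidation
  ) where

import Control.Monad (forM)
import qualified Data.ByteString.Char8 as BC
import Data.Default.Class (def)
import Data.X509 (CertificateChain)
import Data.X509.CertificateStore
  (CertificateStore, listCertificates, makeCertificateStore, readCertificateStore)
import Data.X509.Validation (FailedReason, ServiceID, ValidationCache, validateDefault)
import Network.Socket (HostName, PortNumber)
import Network.TLS
import Network.TLS.Extra.Cipher (ciphersuite_default)
import System.IO (hPutStrLn, stderr)
import System.X509 (getSystemCertificateStore)

-- | The behaviour the issue complains about. The validation hook is replaced
-- by one that always returns an empty failure list, so an expired certificate,
-- a hostname mismatch or an issuer not in any trust store is silently accepted.
-- Only acceptable for local testing against a throwaway server.
insecureParams :: HostName -> PortNumber -> ClientParams
insecureParams host port =
  (defaultParamsClient host (BC.pack (show port)))
    { clientSupported = def { supportedCiphers = ciphersuite_default }
    , clientHooks     = def { onServerCertificate = \_ _ _ _ -> return [] }
    }

-- | Secure variant. 'onServerCertificate' stays at the tls default, which is
-- 'validateDefault' from x509-validation (chain, expiry and hostname checks
-- against the hostname given to 'defaultParamsClient'). The trust store is the
-- system roots plus any extra PEM files the caller provides; a file from which
-- nothing can be read is an error rather than a silently empty store.
secureParams :: HostName -> PortNumber -> [FilePath] -> IO ClientParams
secureParams host port extraCaFiles = do
  systemStore <- getSystemCertificateStore
  extras <- forM extraCaFiles $ \path -> do
    mstore <- readCertificateStore path
    case mstore of
      Nothing -> fail ("no certificates could be read from " ++ path)
      Just s  -> return (listCertificates s)
  let store = makeCertificateStore (listCertificates systemStore ++ concat extras)
  return (defaultParamsClient host (BC.pack (show port)))
    { clientSupported = def { supportedCiphers = ciphersuite_default }
    , clientShared    = def { sharedCAStore = store }
    , clientHooks     = def { onServerCertificate = validateDefault }
    }

-- | A custom hook of the kind the first comment asks to be pluggable: run the
-- standard checks, log every failure to stderr, and return the failures
-- unchanged so the handshake is still aborted. Contrast with the insecure hook,
-- which returns [] regardless of what the chain looks like.
loggingValidation
  :: CertificateStore -> ValidationCache -> ServiceID -> CertificateChain -> IO [FailedReason]
loggingValidation store cache sid chain = do
  failures <- validateDefault store cache sid chain
  mapM_ (\f -> hPutStrLn stderr ("TLS validation failure for " ++ fst sid ++ ": " ++ show f)) failures
  return failures
```

Two things to check when wiring this in: the hostname passed to defaultParamsClient is what validateDefault matches against the certificate's subject alternative names, so it must be the name the server's certificate was issued for, not an IP literal or a load-balancer alias; and supportedCiphers is set explicitly because the Supported default in tls 1.x does not enable any cipher suites on its own.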