Comments (3)
0xFFFC0000
commented on July 20, 2024
Regarding your questions.
- Can I be sure that the connection is save with ssl?
I didn't understand this part. What do you mean by save with ssl?
- Take the Option --rpc-ssl with the command enabled the certificate from the folder .bitmonero?
My apologies. I didn't quite understand this question.
- Is there a way to check the ssl connection?
You mean something like wireshark/tcpdump? One other way would be to set log level to 4, and look at the data transmitted during RPC requests and response.
- Is there a way in the running monerod, to check the SSL?
Same as the previous question.
from monero.
jogii2p
commented on July 20, 2024
- Can I be sure that the connection is save with ssl?
Here I meant whether there is a way to check and ensure that the SSL-RPC connection is fully functional?
This question is actually answered by the questions below.
- Take the Option --rpc-ssl with the command enabled the certificate from the folder .bitmonero?
Which certificates does SSL use for an RPC connection and where are they usually stored in the system? Are they the certificates that I find under "/home/user/.bitmonero"? Because there are two here, "rpc_ssl.crt" and "rpc_ssl.key", are these the standard certificates used for an SSL-RPC connection? If I don't specify any others?
- Is there a way to check the ssl connection?
Yes here i meant wireshark/tcpdump or the log level 4.
In log level 4 I found:
2024-06-14 11:33:45.351 [RPC1] DEBUG net contrib/epee/include/net/abstract_tcp_server2.inl:1496 New server for RPC connections, SSL enabled
Is this proof that SSL is being used?
it seems that "--rpc-ssl enabled" allows a non ssl connection if SSL is switched off on the client (Cakewallet). A connection is nevertheless established here without SSL. (Cakewallet Option: SSL use off)
Is that right?
Is there a way to only accept an SSL connection and reject other RPC requests?
The background of my question is to make absolutely sure that my connection from Cakewallet (RPC-Client) to my Monero node (RPC-Server), which is protected with user and password, is also protected via SSL. I want to exclude my own mistakes here and also protect my username and password.
If no SSL connection is established, my transmitted data, transactions (edit-Here I know that the transaction is protected by monero standard) , username and password are visible in plain text, aren't they?
- Is there a way in the running monerod, to check the ssl?
Here I meant a possible command to display the RPC clients and their connections to the Monero node, e.g. with "print_rpc" or similar. But I have now looked through all the documents and found nothing about this. I thought there was a possibility to display the RPC requests of the last hour or similar.
Next time I'll write more clearly :)
from monero.
selsta
commented on July 20, 2024
I just did a test starting monerod with --rpc-ssl enabled, together with monero-wallet-cli and --daemon-ssl disabled I was not able to connect. If Cake Wallet is able to connect to SSL enabled daemon with SSL disabled then there might be a bug in Cake Wallet.
The auto settings means that the daemon allows SSL and non-SSL connections.
from monero.
Related Issues (20)
- blockchain always gets corrupt HOT 1
- [Discussion] Stress Testing monerod HOT 9
- Privacy Issue: Unneccesarry merging of coins makes users more traceable (broken change management) HOT 4
- Privacy: Transaction uniformity and receiving address type -- practical statistical de-anonymization HOT 1
- ERROR: chunk size exceeds buffer size while exporting monero database HOT 5
- Scan_tx stucks on newer versions HOT 9
- monerod started mining on its own HOT 30
- "Refresh" logic not resuming refresh from correct height causing excessive bandwidth / processing for nodes
- Compilation errors on gcc 14.1.1 HOT 10
- List of bugs in `export_transfers`
- Disucssion: FIRST_REFRESH_GRANULARITY set too high; causing excessive node bandwidth / processing
- Bug: start_height not being respected both in "refresh" RPC call and Wallet.cpp API.
- Error when running wallet in Gramine (Intel SGX) HOT 1
- Corrupted binaries built from Ubuntu 22.04 HOT 2
- Why can't the transaction be confirmed? This is on my private chain, mining is enabled, and gas is normal. HOT 6
- Why can't the transaction be confirmed? This is on my private chain, mining is enabled, and gas is normal.
- Trezor Safe 3 passphrase entry fails on host with long/special passphrases HOT 1
- Problems with connecting wallet-cli to local node HOT 11
- Daemons processing big blocks may bump against serializer sanity checks and fail to sync HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from monero.