trust some connections with unencrypted data #4436

totaam · 2024-12-08T15:06:19Z

This check is hard-coding the socket types that can be trusted:

xpra/xpra/net/protocol/socket_handler.py

Lines 223 to 224 in 6f11298

    
           def is_sending_encrypted(self) -> bool: 
        
               return bool(self.cipher_out_name) or self._conn.socktype in ("ssl", "wss", "ssh")

But there should be a way to override this and trust specific connections when the user knows that the transport used is actually safe.
Example use-cases:

VMs running locally
VPN connections
connection to (local / DMZ) proxies that provide their own encryption

totaam · 2024-12-08T15:52:50Z

Done in the commit above.

Example usage:

xpra attach "tcp://192.168.0.10:10000/?trusted=yes"

totaam added enhancement New feature or request network security labels Dec 8, 2024

totaam added a commit that referenced this issue Dec 8, 2024

#4436 add option to trust a connection

0203a3f

totaam mentioned this issue Dec 8, 2024

v5.1 features tracker ticket #3954

Open

totaam closed this as completed Dec 8, 2024

totaam mentioned this issue Dec 9, 2024

option to trust X-Forwarded-Proto header with websocket connections #4437

Closed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

trust some connections with unencrypted data #4436

trust some connections with unencrypted data #4436

totaam commented Dec 8, 2024 •

edited

Loading

totaam commented Dec 8, 2024

trust some connections with unencrypted data #4436

trust some connections with unencrypted data #4436

Comments

totaam commented Dec 8, 2024 • edited Loading

totaam commented Dec 8, 2024

totaam commented Dec 8, 2024 •

edited

Loading