pkg and https-based repo with self-signed cert

Crest crest at rlwinm.de
Fri Feb 6 17:01:43 UTC 2015


On 05.02.2015 21:52, Kurt Jaeger wrote:
> Hi!
>
> How do I get pkg to accept a self-signed cert if the repo is running
> under https ?
>
> Thanks for any hints!
There is no need to use TLS as transport encryption, because repos can
be signed. It's not only more efficient to transport unencrypted signed
files than relying on transport encryption, it also allows repos to be
replicated to untrusted mirrors and proxies. There is no harm in
encrypting your HTTP transfers with TLS if your package mirror has enough
CPU power to spare. You gain little by encrypting your package downloads
because a passive attacker can still fingerprint the fetched packages by
their size and dependencies.
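
A repository definition for the signed-repo setup described in the reply above, as an added example that is not part of the original message. The repository name, host name and file paths are constructed placeholders; the comments show the openssl and pkg repo commands that would produce the key pair and the signed catalogue.

```ucl
# /usr/local/etc/pkg/repos/example.conf  (constructed name and paths)
#
# On the build host, once:
#   openssl genrsa -out /usr/local/etc/ssl/repo.key 4096
#   openssl rsa -in /usr/local/etc/ssl/repo.key -pubout \
#       -out /usr/local/etc/ssl/repo.pub
#
# After every package build, regenerate and sign the catalogue:
#   pkg repo /usr/local/www/packages /usr/local/etc/ssl/repo.key
#
# Distribute only repo.pub to the clients over a channel you trust.
# The private key stays on the build host and is never copied to a mirror.

example: {
  # Plain HTTP, a proxy or a third-party mirror is acceptable here:
  # the catalogue signature is checked against the pinned key below,
  # so integrity does not depend on the transport or on the mirror.
  url: "http://pkg.example.org/packages",

  # Verify the catalogue signature with a locally stored public key.
  signature_type: "pubkey",
  pubkey: "/usr/local/etc/ssl/repo.pub",

  enabled: yes
}
```

With this file in place, a client refuses a catalogue that does not verify against repo.pub, regardless of which server or mirror delivered it.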

