Opened 7 years ago

Closed 6 years ago

#4737 closed defect (fixed)

Update TLS certificate for XMPP

Reported by: Dunedan
Owned by:
Priority: Must Have
Milestone: Alpha 23
Component: Multiplayer lobby
Keywords:
Cc:
Patch:

Description

The XMPP server providing the default lobby (lobby.wildfiregames.com:5222) currently serves a self-signed certificate, which expired last year. Please fix that and install a valid one signed by a known CA.

It'd probably also be a good idea to adjust 0ad to refuse to connect to a TLS-enabled XMPP server which is serving an invalid certificate.

Change History (6)

comment:1 by leper, 7 years ago

Since the game doesn't use TLS at all, it doesn't see an outdated cert. In case someone cares it would be nice to get a Let's Encrypt cert for the lobby server (but without running an http server on the lobby server), and then require TLS when connecting to the lobby. (There might also be some information regarding this and a few related issues in some slightly flamewar-y forum topic.)

comment:2 by Dunedan, 7 years ago

The "Ratings"- and "WFGBot"-XMPP-bots use TLS if I'm not mistaken. As I assume that they're running on the same server as ejabberd that shouldn't matter for them much though.

A Let's Encrypt certificate would be perfect and also doesn't need an HTTP server. Challenges can also be exchanged via DNS or a temporary HTTP server just for that purpose.

comment:3 by leper, 7 years ago

Yes, the bots are most likely still running on the same box (under a different user, but that's about it). I'm not sure how we get our certs, but I assume that it isn't using the dns challenge, which most likely will need some work to get a cert that way (either forwarding traffic, or changing that mechanism).

Then again I'm not involved in running the lobby (anymore), or any of the other machines.

comment:4 by elexis, 6 years ago

Milestone: Backlog → Alpha 23
Priority: Should Have → Must Have

Self-signed is as valid as an expired one, so we actually need one from Let's Encrypt if MITM should be prevented.

TLS is both cheap to implement and good practice and good practice is an obligation by https://gdpr-info.eu/art-32-gdpr/ under some arbitrary conditions, refs #5257. By implementing TLS, the elastic clauses were much harder to violate. There already are Cease & Desist letters in Germany for this under both GDPR and TMG (Telemediengesetz), so it seems silly not to use it.

comment:5 by elexis, 6 years ago

In 21875:

Lobby to optionally require TLS certificate and certificate verification, refs #4737, #5257.

These are config options because developers should be able to test a local lobby server quickly without going through the hassle to create a valid or invalid certificate or modify and compile the client.
To protect from malicious JS mods reducing these security config options, these options as well as the hostname would have to be protected from JS access.
The user might still connect to other lobbies through a hypothetical UI if there were a non-modifiable GUI confirmation dialog prior to the connection.

Proofreading and feature design discussion by Vladislav and Dunedan on irc on 2018-08-19 and 2018-08-23.

comment:6 by elexis, 6 years ago

Resolution: fixed
Status: new → closed

The certificate should be fine, gloox isn't: #4705.
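
Added example, not part of the ticket or the 0 A.D. code base: a Python check an operator could run against an XMPP lobby server to see whether STARTTLS is offered or required and whether the certificate passes chain, expiry and name verification. The function names are made up for this example, and it assumes the server uses the conventional `stream:` namespace prefix.

```python
import socket
import ssl
import xml.etree.ElementTree as ET
from xml.sax.saxutils import quoteattr

TLS_NS = "urn:ietf:params:xml:ns:xmpp-tls"
STREAMS_NS = "http://etherx.jabber.org/streams"

def stream_header(domain):
    """Opening <stream:stream> tag a client sends before STARTTLS (RFC 6120)."""
    return ("<?xml version='1.0'?><stream:stream xmlns='jabber:client' "
            f"xmlns:stream='{STREAMS_NS}' version='1.0' to={quoteattr(domain)}>")

def starttls_state(features):
    """Classify a received <stream:features> fragment: required/optional/absent."""
    # The fragment relies on the 'stream' prefix bound in the stream header,
    # so wrap it in a root element that binds the prefix again before parsing.
    root = ET.fromstring(f"<w xmlns:stream='{STREAMS_NS}'>{features}</w>")
    starttls = root.find(f".//{{{TLS_NS}}}starttls")
    if starttls is None:
        return "absent"
    required = starttls.find(f"{{{TLS_NS}}}required") is not None
    return "required" if required else "optional"

def _read_until(sock, marker):
    data = b""
    while marker not in data:
        chunk = sock.recv(4096)
        if not chunk:
            raise ConnectionError("server closed the stream")
        data += chunk
    return data

def check_xmpp_cert(host, port=5222, domain=None, timeout=10):
    """STARTTLS, then verify chain, validity dates and name; return (state, cert).

    A self-signed or expired certificate raises ssl.SSLCertVerificationError.
    """
    domain = domain or host  # the name checked is the XMPP domain sent in 'to'
    ctx = ssl.create_default_context()  # CERT_REQUIRED and check_hostname=True
    with socket.create_connection((host, port), timeout=timeout) as raw:
        raw.sendall(stream_header(domain).encode())
        reply = _read_until(raw, b"</stream:features>").decode()
        state = starttls_state(reply[reply.index("<stream:features"):])
        if state == "absent":
            raise RuntimeError("server does not offer STARTTLS")
        raw.sendall(f"<starttls xmlns='{TLS_NS}'/>".encode())
        if b"<proceed" not in _read_until(raw, b">"):
            raise RuntimeError("server refused STARTTLS")
        with ctx.wrap_socket(raw, server_hostname=domain) as tls:
            return state, tls.getpeercert()
```

A state of "optional" means the server still accepts plaintext sessions, so a client that does not insist on TLS can be downgraded by anyone on the path.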
