20.xx: postponse LuCI HTTPS per default
Fernando Frediani
fhfrediani at gmail.com
Fri Nov 20 08:22:40 EST 2020
I don't see having HTTPS by default in LuCI as something good or even
necessary ? It's actually an unnecessary complication that could always
be optional.
One of the main reasons is that in many and probably most cases of a new
deployed OpenWrt router there is still no Internet connection available.
Also it doesn't seem to be that people need it since access by default
is only done via the LAN interfaces. If someone for some reason wishes
for example to expose the LuCI web interface to the internet than fine
to have it running on HTTPS and that can be enabled by those who wish to
operate in such way. As this example there are certainly others that
justify to have a HTTPS but I don't they they are most.
The same way I see as interesting to have an automated way to generate
SSL Certificates (ex: via Let's Encrypt), but again, that should be
optional to only those who wish to use HTTPS for their specific needs.
Fernando
On 20/11/2020 06:44, Karl Palsson wrote:
> "Paul Spooren" <mail at aparcar.org> wrote:
>> Hi,
>>
>> The current list of release goals for 20.xx states[0] that LuCI
>> should use HTTPS per default. This works by creating on-device
>> a self-signed certificate. Self-signed certificates result in
>> warnings and may cause more harm than good, multiple discussion
>> are found in the mail archive.
>>
>> As no clean solution seems in reach while 20.xx seems close,
>> I'd like to suggest to postponse HTTPS LuCI (`luci-ssl` vs
>> `luci`) per default.
>>
>> This isn't a vote but a request for developer/user opinions.
> Very much in favour of leaving this off, self-signed isn't viable
> by default
>
> Sincerely,
> Karl Palsson
>
> _______________________________________________
> openwrt-devel mailing list
> openwrt-devel at lists.openwrt.org
> https://lists.openwrt.org/mailman/listinfo/openwrt-devel
More information about the openwrt-devel
mailing list