mumble-voip/mumble

HSTS-like feature to prevent end user from clicking through a TLS certificate warning (Anti MITM)

Open

#6224 opened on Oct 6, 2023

4 comments, 1 reaction, 0 assignees
Labels: certificate, client, feature-request, help wanted, server

Description

Context

TLS/SSL Security / Remote Server authentication / Anti MITM

Description

Ideally, the server owner should be able to set a flag server side to force client-side TLS signature verification for a configurable & refreshing period of time (like HSTS).

This would not be intended to prevent all MITM scenarios, as the flag could in theory be unset by an attacker on first connection, but the user would still get a warning of the event.

The screenshot shows the current behavior, which should probably remain the default server-side to keep the software accessible (unless you want the user to be able to manually cache the untrusted certificate fingerprint first, then enable strict verification on every connection after that initial event).

Thanks for everything!

Annotation

Mumble component

Both

OS-specific?

No

Additional information

No response
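As an added illustration, not Mumble's own code, here is a constructed model of the policy the request describes: the client keeps a per-server pin (trust on first use) plus an HSTS-style strict window that the server's flag refreshes on each successful connection; while the window is open a changed certificate is rejected instead of prompting, and once it expires the current click-through behavior returns. The class and field names, the `Verdict` values and the max-age in seconds are assumptions for the example.

```cpp
#include <cstdint>
#include <map>
#include <string>

// Outcome of checking a presented server certificate against the stored pin.
enum class Verdict { Accept, Prompt, Reject };

// What the client remembers per server, analogous to an HSTS entry keyed by host.
struct PinEntry {
    std::string fingerprint;  // fingerprint of the certificate the user accepted
    int64_t strictUntil = 0;  // unix time; strict verification is enforced while now < strictUntil
};

class PinStore {
public:
    // serverStrictMaxAge: seconds the server asks the client to stay strict (0 = flag unset,
    // i.e. today's behaviour). now: current unix time, passed in to keep the model testable.
    Verdict evaluate(const std::string& host, const std::string& presentedFp,
                     int64_t serverStrictMaxAge, int64_t now) {
        auto it = store_.find(host);
        if (it == store_.end()) {
            // First contact: nothing to compare against, so the user is prompted as today.
            // This is the window the issue mentions: an attacker here could also strip the flag.
            return Verdict::Prompt;
        }
        PinEntry& e = it->second;
        if (e.fingerprint == presentedFp) {
            // Known certificate: refresh (or clear) the strict window from the server's flag.
            e.strictUntil = serverStrictMaxAge > 0 ? now + serverStrictMaxAge : 0;
            return Verdict::Accept;
        }
        // Fingerprint changed. Inside the strict window the warning cannot be clicked through.
        if (now < e.strictUntil) return Verdict::Reject;
        return Verdict::Prompt;  // window expired or never set: fall back to the current prompt
    }

    // Called after the user accepts a prompted certificate; records the pin and any strict window.
    void userAccepted(const std::string& host, const std::string& fp,
                      int64_t serverStrictMaxAge, int64_t now) {
        PinEntry e;
        e.fingerprint = fp;
        e.strictUntil = serverStrictMaxAge > 0 ? now + serverStrictMaxAge : 0;
        store_[host] = e;
    }

private:
    std::map<std::string, PinEntry> store_;
};
```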
