Why not HTTPS in BOINC?

Bryan
Joined: 27 Apr 05
Posts: 7
Credit: 13776464
RAC: 46876
Topic 220914

I swear https used to work to attach to the project, but now even if I specify https it seems to redirect to http.  Why?

Bryan
Joined: 27 Apr 05
Posts: 7
Credit: 13776464
RAC: 46876

The join now instructions say to join:
https://einsteinathome.org

but the URL embedded in BOINC is http://einstein.phys.uwm.edu

Can we switch the default URL boinc uses to https://einsteinathome.org ?  Thanks!

GWGeorge007
Joined: 8 Jan 18
Posts: 3109
Credit: 4995460153
RAC: 1150600

Bryan wrote:

The join now instructions say to join:
https://einsteinathome.org

but the URL embedded in BOINC is http://einstein.phys.uwm.edu

Can we switch the default URL boinc uses to https://einsteinathome.org ?  Thanks!

Both links go directly to my https://einsteinathome.org webpage.

George

Proud member of the Old Farts Association

Bryan
Joined: 27 Apr 05
Posts: 7
Credit: 13776464
RAC: 46876

Yes, my concern is not the website.  It's the default way we connect the first time to a project, using BOINC/HTTP - that makes a MITM trivial. If the master URL (and the one in BOINC) was https://einsteinathome.org an attacker needs to acquire a valid cert for einsteinathome.org.

Bernd Machenschalk
Moderator
Administrator
Joined: 15 Oct 04
Posts: 4330
Credit: 251349410
RAC: 37079

We tried to change the MASTER_URL in the project configuration once. But when we did this, even with just changing from http to https, all clients already attached to the project got a message saying that the URL of the project has changed and they should detach and re-attach. This is something we didn't want to enforce on all the existing users.

We are working on a system that allows for testing a series of configuration changes that would avoid these messages, but this work is still in progress.

BM

Bryan
Joined: 27 Apr 05
Posts: 7
Credit: 13776464
RAC: 46876

Awesome, if I can help test those changes I'd be happy to!

Another change that can help just landed: https://github.com/BOINC/boinc/commit/e4c6319b1c224bc64294729a76606e0b79c99104 (although I thought a similar fix was already in). Will follow up when it's in a released BOINC.

mikey
Joined: 22 Jan 05
Posts: 12761
Credit: 1846207167
RAC: 595238

Bryan wrote:

Yes, my concern is not the website.  It's the default way we connect the first time to a project, using BOINC/HTTP - that makes a MITM trivial. If the master URL (and the one in BOINC) was https://einsteinathome.org an attacker needs to acquire a valid cert for einsteinathome.org

It also means that if you use the exclude command in a cc_config.xml file you MUST use the http prefix instead of the https prefix. It causes problems for those with multiple GPUs trying to run multiple projects on multiple GPUs.
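
An added example, not part of any post in this thread and not BOINC project code: a small audit that lists projects attached over plain http and flags `<exclude_gpu>` entries whose URL scheme differs from the attached master URL, as described in the post above. The sample XML is constructed, the function and finding names are hypothetical, and treating a trailing slash as insignificant is an assumption.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# Constructed sample input: trimmed client_state.xml and cc_config.xml.
CLIENT_STATE = """<client_state>
  <project><master_url>http://einstein.phys.uwm.edu/</master_url></project>
</client_state>"""

CC_CONFIG = """<cc_config><options>
  <exclude_gpu><url>https://einstein.phys.uwm.edu/</url><device_num>1</device_num></exclude_gpu>
  <exclude_gpu><url>http://einstein.phys.uwm.edu</url><device_num>0</device_num></exclude_gpu>
</options></cc_config>"""


def _key(url):
    """Host plus path, ignoring scheme and trailing slash (assumption)."""
    parts = urlsplit(url.strip())
    return (parts.hostname or "").lower() + parts.path.rstrip("/")


def audit(client_state_xml, cc_config_xml):
    """Return a list of (finding, url) tuples for the two issues in the thread."""
    masters = []
    for project in ET.fromstring(client_state_xml).iter("project"):
        url = (project.findtext("master_url") or "").strip()
        if url:
            masters.append(url)

    # Issue 1: project attached over plain http, so the attach traffic
    # is not authenticated by a certificate.
    findings = [("plain-http-master", m) for m in masters
                if urlsplit(m).scheme == "http"]

    # Issue 2: exclude_gpu URL names the right project but the wrong scheme.
    by_key = {_key(m): m for m in masters}
    for exclude in ET.fromstring(cc_config_xml).iter("exclude_gpu"):
        url = (exclude.findtext("url") or "").strip()
        master = by_key.get(_key(url))
        if master is None:
            findings.append(("exclude-unknown-project", url))
        elif urlsplit(url).scheme != urlsplit(master).scheme:
            findings.append(("exclude-scheme-mismatch", url))
    return findings


if __name__ == "__main__":
    for finding, url in audit(CLIENT_STATE, CC_CONFIG):
        print(finding, url)
```

To check a real host, pass the contents of `client_state.xml` and `cc_config.xml` from the BOINC data directory instead of the embedded samples.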

Bryan
Joined: 27 Apr 05
Posts: 7
Credit: 13776464
RAC: 46876

The Windows version 7.6.20 should make the http->https seamless - but that might only work if you keep the same URLs.

Mac/Linux users likely still have to do the detach/re-attach dance.
