Why not HTTPS in BOINC?

Bryan
Joined: 27 Apr 05
Posts: 7
Credit: 13036175
RAC: 0
Topic 220914

I swear https used to work to attach to the project, but now even if I specify https it seems to redirect to http.  Why?

Bryan
Joined: 27 Apr 05
Posts: 7
Credit: 13036175
RAC: 0

The join now instructions say to join:
https://einsteinathome.org

but the URL embedded in BOINC is http://einstein.phys.uwm.edu

Can we switch the default URL BOINC uses to https://einsteinathome.org? Thanks!

GWGeorge007
Joined: 8 Jan 18
Posts: 2767
Credit: 4540374478
RAC: 2144499

Bryan wrote:

The join now instructions say to join:
https://einsteinathome.org

but the URL embedded in BOINC is http://einstein.phys.uwm.edu

Can we switch the default URL BOINC uses to https://einsteinathome.org? Thanks!

Both links go directly to my https://einsteinathome.org webpage.

George

Proud member of the Old Farts Association

Bryan
Joined: 27 Apr 05
Posts: 7
Credit: 13036175
RAC: 0

Yes, my concern is not the website.  It's the default way we connect the first time to a project, using BOINC/HTTP - that makes a MITM trivial. If the master URL (and the one in BOINC) was https://einsteinathome.org an attacker needs to acquire a valid cert for einsteinathome.org.

Bernd Machenschalk
Moderator
Administrator
Joined: 15 Oct 04
Posts: 4265
Credit: 244922643
RAC: 16846

We tried to change the MASTER_URL in the project configuration once. But when we did this, even with just changing from http to https, all clients already attached to the project got a message saying that the URL of the project has changed and they should detach and re-attach. This is something we didn't want to enforce on all the existing users.

We are working on a system that allows for testing a series of configuration changes that would avoid these messages, but this work is still in progress.

BM

Bryan
Joined: 27 Apr 05
Posts: 7
Credit: 13036175
RAC: 0

Awesome, if I can help test those changes I'd be happy to!

Another change that can help just landed - https://github.com/BOINC/boinc/commit/e4c6319b1c224bc64294729a76606e0b79c99104 (although I thought a similar fix was already in). Will follow up when it's in a released BOINC.

mikey
Joined: 22 Jan 05
Posts: 11888
Credit: 1828058866
RAC: 206381

Bryan wrote:

Yes, my concern is not the website.  It's the default way we connect the first time to a project, using BOINC/HTTP - that makes a MITM trivial. If the master URL (and the one in BOINC) was https://einsteinathome.org an attacker needs to acquire a valid cert for einsteinathome.org

It also means that if you use the exclude command in a cc_config.xml file you MUST use the http prefix instead of the https prefix. It causes problems for those with multiple GPUs trying to run multiple projects on multiple GPUs.

Bryan
Joined: 27 Apr 05
Posts: 7
Credit: 13036175
RAC: 0

The Windows version 7.6.20 should make the http->https seamless - but that might only work if you keep the same URLs.

Mac/Linux users likely still have to do the detach/re-attach dance.
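
An added example, not part of the thread or of BOINC's own code: a check over a client's client_state.xml and cc_config.xml that lists projects attached over plain http, and exclude_gpu entries whose URL differs from the attached master URL only by scheme. The XML snippets are constructed samples, and the requirement that the exclude URL match the attached URL including its prefix is taken from the posts above as an assumption.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# Constructed samples, trimmed to the elements this check reads.
CLIENT_STATE = """<client_state>
  <project>
    <master_url>http://einstein.phys.uwm.edu/</master_url>
  </project>
</client_state>"""

CC_CONFIG = """<cc_config>
  <options>
    <exclude_gpu>
      <url>https://einstein.phys.uwm.edu/</url>
      <device_num>1</device_num>
    </exclude_gpu>
  </options>
</cc_config>"""


def _norm(url):
    return url.strip().rstrip("/").lower()


def _no_scheme(url):
    parts = urlsplit(_norm(url))
    return parts.netloc + parts.path


def master_urls(client_state_xml):
    root = ET.fromstring(client_state_xml)
    return [e.text.strip() for e in root.iter("master_url") if e.text]


def plaintext_projects(client_state_xml):
    """Attached projects whose master URL is plain http."""
    return [u for u in master_urls(client_state_xml) if urlsplit(u).scheme == "http"]


def scheme_mismatched_excludes(client_state_xml, cc_config_xml):
    """exclude_gpu URLs that differ from an attached master URL only by scheme."""
    # Assumption from the thread: the exclude URL must match the attached URL's prefix.
    attached = {_no_scheme(u): _norm(u) for u in master_urls(client_state_xml)}
    found = []
    for ex in ET.fromstring(cc_config_xml).iter("exclude_gpu"):
        url = ex.findtext("url", default="")
        match = attached.get(_no_scheme(url))
        if match and match != _norm(url):
            found.append((url.strip(), match))
    return found
```

Each tuple returned by `scheme_mismatched_excludes` pairs the URL written in the exclude entry with the normalized master URL the client is actually attached to.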
