20.xx: postpone LuCI HTTPS per default

Fernando Frediani fhfrediani at gmail.com
Fri Nov 20 08:22:40 EST 2020


I don't see having HTTPS by default in LuCI as something good or even 
necessary? It's actually an unnecessary complication that could always 
be optional.

One of the main reasons is that in many and probably most cases of a newly 
deployed OpenWrt router there is still no Internet connection available. 
Also it doesn't seem to be that people need it since access by default 
is only done via the LAN interfaces. If someone for some reason wishes 
for example to expose the LuCI web interface to the internet then fine 
to have it running on HTTPS and that can be enabled by those who wish to 
operate in such a way. Like this example there are certainly others that 
justify having HTTPS but I don't think they are most.

The same way I see as interesting to have an automated way to generate 
SSL Certificates (ex: via Let's Encrypt), but again, that should be 
optional to only those who wish to use HTTPS for their specific needs.

Fernando

On 20/11/2020 06:44, Karl Palsson wrote:
> "Paul Spooren" <mail at aparcar.org> wrote:
>> Hi,
>>
>> The current list of release goals for 20.xx states[0] that LuCI
>> should use HTTPS per default. This works by creating on-device
>> a self-signed certificate. Self-signed certificates result in
>> warnings and may cause more harm than good, multiple discussions
>> are found in the mail archive.
>>
>> As no clean solution seems in reach while 20.xx seems close,
>> I'd like to suggest to postpone HTTPS LuCI (`luci-ssl` vs
>> `luci`) per default.
>>
>> This isn't a vote but a request for developer/user opinions.
> Very much in favour of leaving this off, self-signed isn't viable
> by default
>
> Sincerely,
> Karl Palsson


