On 2019-03-15 09:53, Franky Van Liedekerke via clamav-users wrote:
I wonder why the http/https discussion is still relevant. Almost all sites use https now, http is getting slowly banned and a lot of companies just don't want to allow incoming http traffic towards a server. Certifcates cost nothing anymore (you have free ones), so that's no longer an issue too. And the cpu issue might've been relevant years ago, but it shouldn't be now (offloading https to a high-performant frontend server can help if you really have issues). Just my 2 cents here ...
One other consideration here is historical: ClamAV relied on donated mirrors, some of which struggled to keep a bare minimum configuration working. Deploying HTTPS and getting the mirror operators to keep up with certificates, secure TLS configuration and other details would add a lot more load to what I understand was already a challenge for the ClamAV team.
The situation has changed somewhat today with Cloudflare's involvement as there would only be one party involved in deploying certificates to all nodes, and a party that can sign and maintain certificates themselves completely automatically at that.
As noted elsewhere in the thread, freshclam work needs to be done before freshclam itself could actually use this capability.
_______________________________________________ clamav-users mailing list [email protected] https://lists.clamav.net/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
