The end-to-end transport security was implemented in release 16.7 <https://www.gocd.org/releases/#16.7.0> to get rid of that initial handshake over HTTP. It's recommended that you turn it on, especially so when going over an untrusted network.
On Wed, Jul 19, 2017 at 10:08 PM Stefan Smith <[email protected]> wrote:

> Hi,
>
> I'm looking to have a GoCD agent connect over the internet to a GoCD
> server. The agent and server are in different networks. Is this safe,
> assuming a custom TLS certificate is used as per
> https://docs.gocd.org/current/installation/ssl_tls/custom_server_certificate.html
> and
> https://docs.gocd.org/current/installation/ssl_tls/end_to_end_transport_security.html?
> The agent will also have the server's auto-register key.
>
> I know that in the past, the agent connected via HTTP as part of initial
> registration, before using an HTTPS connection for all subsequent
> communication. Is this still the case? Does this expose any possible
> security holes?
>
> Thanks,
>
> Stef
>
> --
> You received this message because you are subscribed to the Google Groups
> "go-cd" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to [email protected].
> For more options, visit https://groups.google.com/d/optout.
