Hi,

I guess we could simply ask the user by default (with options to auto-generate a certificate or ignore https). LuCI already warns that a root password must be set. Why not also add something like: "Upgrade to a secure connection?".

"No password Set! There is no ... <Go to password configuration>... "

"You are using an unencrypted connection! Before entering sensitive information, like a password, it is recommended to enable encryption (https)
<Setup a certificate and enable encryption>...
<Don't warn me again.> # it will require authentication if a password is already set
"

If the user opts to use it, it could generate a self-signed certificate and offer it to be downloaded/imported even before using it.

http://192.168.1.1/luci/https-settings#generate-self-signed...

HTTP Settings:

#if "the certificate is not trusted by the browser. Can we test it using ajax?"
<Download current certificate>
Click here to download and import the router certificate now. Otherwise, your browser will warn you that the router certificate is not trusted. Then, you can ignore the error and continue. However, it would be safer to add the router to the browser's certificate exceptions. You might need to do it again every time the certificate is regenerated. If the certificate warning page reappears for the same router in the same browser, it might not be automatically trusted, as it could be a malicious device impersonating your router trying to steal your credentials.
#endif

[Generate a new self-signed certificate]
[Generate a new certificate request] / [Import the signed certificate] # if a CSR was generated
[Generate a new Let's Encrypt certificate] # it would be a nice add-on
[Remove current certificate and disable encryption]

The next luci request will redirect the browser to https://

My 2 cents,

---
Luiz Angelo Daros de Luca
[email protected]

_______________________________________________
openwrt-devel mailing list
[email protected]
https://lists.openwrt.org/mailman/listinfo/openwrt-devel
