fix: reenable allowInsecure #3082
Conversation
xiaokangwang
added
the
Extensive Review Required
|
Hi! I have reviewed your merge request and would like to suggest an alternative. Instead of allowing "allow_insecure", what is your opinion about adding an new option:"allow_insecure_if_certificate_pinned"? It will enable "allow_insecure" if the certificate is pinned, and return an error otherwise. This would allow any certificate to be used if MITM is already prevented by certificate pinning, and does not allow someone to disable certificate verification when they have been MITMed. |
|
The bottom line was to make v2ray work under certain conditions, such as connecting to a server via https albeit the server certificate is self-signed. This is sometimes for obfuscation purpose rather than for encryption, which is quite common, So, In my personal opinion though, the good old "allow_insecure" is enough, since the purpose is to alert, and the user is alerted when writing the configuration. On the other hand, I guess the purpose of this breaking change is to remind users that there are now new features to enhance security? I honestly don't know if it's a little overkill for this purpose... |
|
I understand your concern about just make things works. However, with the rise of popularity of unobfuscated protocols like trojan and vless allow firewall to identify these protocol by temporarily MITM the tls connection to attempt to inspect the content. For this reason allow insecure over internet adversely impact the anti-censorship ability of V2Ray. |
|
ChatGPT suggests Unimportant: An elaboration for typical cases where MITM is considered unimportant: sometimes (unsure if popular) v2ray is used within campus/corporate LAN to circumvent local firewall rules without exposing its usage to LAN admins, and privacy is considered justified against unnecessarily strict internal censorship. In such cases, LAN servers usually have only self-signed certificates, and local MITM for active v2ray detection is unlikely. At least, nothing should tarnish v2ray's reputation when it's user/3rd-party specifying |
|
I will just go ahead and create a separate pull request based on the allow insecure if certificate pinned system. The issue here is that, I believe the temporary MITM attack system is not necessarily only from local network but could from ISP as well. Even github was once MITMed by GFW. I understand that the user are ultimately responsible for their own action, but if there is something I could do I may just do it. |
|
It is closed because another merge request have supersede its functionality. Feel free to open again if there is something unaddressed. |
#3081