Can we skip those (anti-)MITM options when only user/pass based auth is being done?
Posted: Sun Mar 19, 2017 7:10 am
Hi all,
When we use only auth-user-pass-verify to authenticate connections and the client config doesn't have any certs except a <ca> and <tls-auth> section, are options such as remote-cert-tls server & tls-remote still needed?
From my understanding, as the client doesn't have any common CA-signed certificate & key of his own, he has no way to impersonate the server? Please correct me if I am wrong.
Thanks.