Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.


JNA



21 posts

Geek
+1 received by user: 4


Topic # 210196 17-Mar-2017 13:36 Send private message quote this post

Hi All,

 

I would like to know if there is a way to enable all HTTP connections to the Spark HG659B Home Gateway device to be HTTPS by default?

 

IMHO this should be the only way to connect to your modem as if I purchased a current quality, alternative from TP-Link, HTTPS would be activated.

 

I've have looked through all the sections on the device portal, read the Huawei Manual and quite a few pages of this forum to no avail.

 

If there is no way to do this, fine however a feedback channel to Spark NZ in relation to this would be appreciated.

 

TIA. JNA.


Create new topic
5729 posts

Uber Geek
+1 received by user: 2332

Trusted
Subscriber

  Reply # 1742751 17-Mar-2017 13:44 4 people support this post Send private message quote this post

Erm why? You shouldn't need HTTPS if it is just on your local network as you're only going to man in the middle yourself. If you've got it exposed to the internet then disable this now.





Michael Murphy | https://murfy.nz
Want to be with an awesome ISP? Want $20 credit too? Use this link to sign up to BigPipe.
The Router Guide | Community UniFi Cloud Controller | Ubiquiti Edgerouter Tutorial


JNA



21 posts

Geek
+1 received by user: 4


  Reply # 1742784 17-Mar-2017 14:49 Send private message quote this post

It's internal but still, why not mandate HTTPS?


181 posts

Master Geek
+1 received by user: 50


  Reply # 1742786 17-Mar-2017 14:55 8 people support this post Send private message quote this post

How would you add a valid certificate? A self-signed certificate would throw a browser error that would freak most users out.


3075 posts

Uber Geek
+1 received by user: 1544

Trusted
Spark NZ

  Reply # 1742788 17-Mar-2017 14:55 Send private message quote this post

I'm not aware of any way to force this. The router will respond to HTTPS if you address it directly, but doesn't appear to be able to force it - at least not in a standard and supported way. I don't know what you might be able to do from a CLI but it's not going to be a supported config.

 

FWIW - I agree with the above that this is not particularly valuable. If someone is already on your network then you've already lost.

 

Cheers - N

 

 


24617 posts

Uber Geek
+1 received by user: 4572

Moderator
Trusted
Biddle Corp
Subscriber

  Reply # 1742795 17-Mar-2017 15:09 2 people support this post Send private message quote this post

Why do you believe it's such an essential feature?

 

HTTPS without signed certs is a waste of time due to the errors it throw up in modern browsers.


700 posts

Ultimate Geek
+1 received by user: 160

Trusted

  Reply # 1742799 17-Mar-2017 15:14 Send private message quote this post

Latest firefox throws up warnings about inputing passwords over an unencrypted connection, which I noticed recently on my HG659B. So, some users are going to freak out either way.

19130 posts

Uber Geek
+1 received by user: 3249

Trusted
Subscriber

  Reply # 1742801 17-Mar-2017 15:22 One person supports this post Send private message quote this post

The only way to make it not freak people out is to rely on it DNS intercepting a fully qualified name they have the ability to get a cert generated for, which IMO is a much more messy solution than just using http and putting up with the not secure message.





Richard rich.ms

1381 posts

Uber Geek
+1 received by user: 364

Subscriber

  Reply # 1749127 28-Mar-2017 01:50 One person supports this post Send private message quote this post

To get a trusted cert installed on a router would mean the private keys for that cert would have to also be saved into that router. This would be very,very bad. As anyone who has that router would be able to get access to those private keys and issue their own fake certs for any website. That would then be trusted by web browsers.

 

And if the connection is getting bounced between you - server somewhere on the internet - router. Then you have to also trust that server.

 

I would be very worried if routers are getting shipped out with trusted certs installed in them. To make it at least semi secure the router would need a TPM installed. And then it would need a way of been securely updated, as certs only last for 2 years. Since consumer grade routers are cheaply made, and various models have been previously hacked. I see 0 chance of certs on a consumer router not getting hacked almost immediately. And if you don't have internet access, how would your browser check if the cert has been revoked or not?






Create new topic



Amazon prices in US$






Twitter »

Follow us to receive Twitter updates when new discussions are posted in our forums:



Follow us to receive Twitter updates when news items and blogs are posted in our frontpage:



Follow us to receive Twitter updates when tech item prices are listed in our price comparison site:






Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.



Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.

Alternatively, you can receive a daily email with Geekzone updates.