From b4c9c1df9a7e89d263b1864407a7007338ce770d Mon Sep 17 00:00:00 2001 From: Lauri Ojansivu Date: Thu, 7 Dec 2023 14:52:20 +0200 Subject: [PATCH] Updated security.md about mitm. Thanks to xet7 ! --- SECURITY.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/SECURITY.md b/SECURITY.md index 5aff43c5a..e4c6312c3 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -60,7 +60,7 @@ and by by companies that have 30k users. ## SSL/TLS - SSL/TLS encrypts traffic between webbrowser and webserver. -- If you are thinking about TLS MITM, look at Caddy 2 webserver MITM detections. +- If you are thinking about TLS MITM, look at https://github.com/caddyserver/caddy/issues/2530 - Let's Encrypt TLS requires publicly accessible webserver, that Let's Encrypt TLS validation servers check. - If firewall limits to only allowed IP addresses, you may need non-Let's Encrypt TLS cert. - For On Premise: