You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Sunshine currently uses the same TLS certificate for both the web UI and communication with Moonlight. It is desirable to not have self-signed certs on the web UI, and @tailscale users are always tempted to run any local service with legit certs because it's really easy to get a Let's Encrypt one with tailscale cert. Since LE switched to Elliptic Curve by default, those are the type you get with that command, and currently there's no option to request a particular type (tailscale/tailscale#9768).
When moonlight-qt connects to a server with such a certificate, pairing fails with a rather nondescript error in the UI, with "MITM detected" logged on the console.
Describe the solution you'd like
Implement support for ECDSA certificates.
Probably at first also show a warning when one is used, to inform the user that other clients may not support these.
Describe alternatives you've considered
🤷♀️
The text was updated successfully, but these errors were encountered:
Is your feature request related to a problem? Please describe.
See LizardByte/Sunshine#1353
Sunshine currently uses the same TLS certificate for both the web UI and communication with Moonlight. It is desirable to not have self-signed certs on the web UI, and @tailscale users are always tempted to run any local service with legit certs because it's really easy to get a Let's Encrypt one with
tailscale cert
. Since LE switched to Elliptic Curve by default, those are the type you get with that command, and currently there's no option to request a particular type (tailscale/tailscale#9768).When moonlight-qt connects to a server with such a certificate, pairing fails with a rather nondescript error in the UI, with "MITM detected" logged on the console.
Describe the solution you'd like
Implement support for ECDSA certificates.
Probably at first also show a warning when one is used, to inform the user that other clients may not support these.
Describe alternatives you've considered
🤷♀️
The text was updated successfully, but these errors were encountered: