Details
- Improvement
- Resolution: Fixed
- Critical
- None
- 5
Description
We rectify TLS in plaintext because our client certificates may have been rotated while we are down and we are now unable to communicate with Server. Which is all well and good with the exception that your admin username and password are going over the wire in the nude.
With password rotation, we persist the last known working password so that we can use this upon restart in case pesky users have changed it in the meantime. Thus we can talk to CBS with the old one and rotate to the new one.
Using a similar technique, we can cache the last known valid TLS CA, and client chain/key pair and use this. I'm almost certain we may need to sacrifice some get-out-of-jail-free cards but to say 100% for certain that nothing happens over plaintext I'm happy to take the fall.
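
The restart path proposed above, sketched as an added example that is not the project's own code: try the current TLS material, fall back to the cached last-known-good set to rotate the server forward, and fail closed instead of dropping to plaintext. `Material`, `Server`, `Reconcile` and `fakeServer` are hypothetical names, and the fake server is a constructed stand-in for real mutually authenticated handshakes.

```go
package main

import (
	"errors"
	"fmt"
)

// Material is one TLS identity: CA plus client chain and key (PEM in practice).
type Material struct{ CA, Chain, Key string }

// Server is a hypothetical view of the cluster's TLS endpoint.
type Server interface {
	Probe(m Material) bool         // does a mutually authenticated handshake with m succeed?
	Rotate(via, to Material) error // install `to` over a session authenticated with `via`
}

var ErrFailClosed = errors.New("no TLS material accepted; refusing plaintext")

// Reconcile returns the material to persist as last-known-good. On error the
// caller keeps its existing cache. There is no plaintext branch.
func Reconcile(s Server, desired Material, cached *Material) (Material, error) {
	if s.Probe(desired) {
		return desired, nil // server already matches the current material
	}
	// Rotated while we were down: reach the server with the cached set,
	// push the new set, and confirm it before it replaces the cache.
	if cached == nil || s.Rotate(*cached, desired) != nil || !s.Probe(desired) {
		return Material{}, ErrFailClosed
	}
	return desired, nil
}

// fakeServer is a constructed stand-in that accepts exactly one Material.
type fakeServer struct{ trusted Material }

func (f *fakeServer) Probe(m Material) bool { return m == f.trusted }

func (f *fakeServer) Rotate(via, to Material) error {
	if !f.Probe(via) {
		return errors.New("tls: handshake failure")
	}
	f.trusted = to
	return nil
}

func main() {
	old, rotated := Material{"ca-1", "chain-1", "key-1"}, Material{"ca-2", "chain-2", "key-2"}
	fmt.Println(Reconcile(&fakeServer{trusted: old}, rotated, &old))
}
```

The cost is visible in the `ErrFailClosed` branch: with no cache, or a cache the server no longer accepts, recovery needs manual intervention because nothing is sent in the clear.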