I tried logging in on browser and I had inspected the request. My password was sent in plaintext. Is this a infosec.pub issue or a Lemmy one?
I tried logging in on browser and I had inspected the request. My password was sent in plaintext. Is this a infosec.pub issue or a Lemmy one?
You are describing TLS, which is commonly used for websites and web apps.
Try the following command:
openssl s_client -connect infosec.pub:443The public key, the authority that signed the certificate, and the cypher used will all be visible.
For me, the cipher used is
ECDHE-RSA-AES256-GCM-SHA384.Oh. Okay. I’ll check it out once. I’m pretty new to all this so I didn’t know this is how SSL works.