Announcement

Collapse
No announcement yet.

We need native HTTPS support!

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • jon00
    replied
    Originally posted by Moskus View Post
    I have two-three issues with MyHS:

    MyHS is much faster now than it was before, but it is still noticably slower. We need a EU server.
    What slow speeds are you experiencing Moskus?

    Leave a comment:


  • Moskus
    replied
    Originally posted by rjh View Post
    I don't know why there is a push back on MyHS, we have made it very reliable (I use it every day), and it uses SSL, and its free. Why should we provide yet another secure solution for accessing your home system? That is so complicated that only the really technical can use it?
    I have two-three issues with MyHS:
    1. MyHS is much faster now than it was before, but it is still noticably slower. We need a EU server.
    2. Can you tell me how I can add support for e.g. my own app, WinSeer? I'm sure it's possible but I can't figure out how.
    3. I want to stay logged in for as long as I want.


    Other than that, I don't have anything against MyHS, but it is still yet another (relatively slow) cloud connection I am hoping to avoid.

    Leave a comment:


  • rjh
    replied
    The local web interface is not going away, you will always be able to manage your system locally, without an Internet connection.

    You really cannot use SSL securely without a domain. Sure you can create a self signed cert, but that is not really secure.

    I don't know why there is a push back on MyHS, we have made it very reliable (I use it every day), and it uses SSL, and its free. Why should we provide yet another secure solution for accessing your home system? That is so complicated that only the really technical can use it?

    There are bunch of free tunneling apps out there that you can run on your PC and it will allow you to securely tunnel into your home system. Also, as mentioned, you can use a VPN. So there are solutions available for the technically minded.

    Originally posted by Bestgear View Post
    I think "impossible" is a very strong word and SSL/Certs are normally an easy setup for those that feel they need it.

    I would also say that there is a very strong case not to depend on any cloud service, including MyHS within Homeseer or indeed any HA product. Cloud can add value, but we all know key functionality is easily tripped up due to availability or rather lack of it.

    It would be a sad day when and if HS relies on MyHS and if the local web interface were to dissapear I am sure many users would too.




    David

    Leave a comment:


  • Bestgear
    replied
    Originally posted by rjh View Post
    https is impossible to set up on your own system as you need a certifcate to use properly. So we will probably be removing it in a future build. MyHS uses HTTPS and that is the recommended solution.


    I think "impossible" is a very strong word and SSL/Certs are normally an easy setup for those that feel they need it.

    I would also say that there is a very strong case not to depend on any cloud service, including MyHS within Homeseer or indeed any HA product. Cloud can add value, but we all know key functionality is easily tripped up due to availability or rather lack of it.

    It would be a sad day when and if HS relies on MyHS and if the local web interface were to dissapear I am sure many users would too.




    David

    Leave a comment:


  • rjh
    replied
    https is impossible to set up on your own system as you need a certifcate to use properly. So we will probably be removing it in a future build. MyHS uses HTTPS and that is the recommended solution.

    Leave a comment:


  • Moskus
    replied
    For now I'm happily running using a nginx proxy, which using this post and my existing certificate was relatively easy.

    I just wish that HST was taking this seriously, as a proper web server would be preferable.

    Leave a comment:


  • sparkman
    replied
    We need native HTTPS support!

    Originally posted by Moskus View Post
    There's a problem with that argument.

    HomeSeer is sold and markedet as a product not depending on cloud connections, and running locally.
    Being able to securely access HomeSeer only through HSTs cloud service is somewhat strange then, isn't it?
    I'm not sure it's an argument. HST markets itself as being able to run locally without the cloud, but not about being able to access it remotely without the cloud. Remote access requires 3rd party services (ie internet/the cloud) to work. They substituted one method of access over that for another.

    As I stated in my previous post, I don't agree with HST's direction either and filed a bugzilla on it when Chrome was updated and no longer supported the old TLS. I don't agree with Google's/Chrome's stance either, but I suspect they are even less open to feedback than HST is. You still have an option of implementing your own VPN, which is what I did. Unless most HS users file a bugzilla asking HS to update SSL/TLS, I expect nothing will get done.

    Cheers
    Al
    Last edited by sparkman; March 1, 2017, 08:26 AM.

    Leave a comment:


  • Bestgear
    replied
    Originally posted by Moskus View Post
    There's a problem with that argument.

    HomeSeer is sold and marketed as a product not depending on cloud connections, and running locally.
    Being able to securely access HomeSeer only through HSTs cloud service is somewhat strange then, isn't it?
    100% agree....and many still question the cloud's exact place within HA....considering latency and reliance on systems you have no guarantee on availability.

    Leave a comment:


  • Moskus
    replied
    Originally posted by sparkman View Post
    I believe HS has stated in other threads and on Bugzilla that they are not planning to support newer versions of SLL/TLS as the MyHS service is a replacement for it.
    There's a problem with that argument.

    HomeSeer is sold and markedet as a product not depending on cloud connections, and running locally.
    Being able to securely access HomeSeer only through HSTs cloud service is somewhat strange then, isn't it?

    Leave a comment:


  • sparkman
    replied
    I had not heard about any bugs either, but it does use an outdated version of SSL/TLS so is pretty much useless at this point. I believe HS has stated in other threads and on Bugzilla that they are not planning to support newer versions of SLL/TLS as the MyHS service is a replacement for it. I don't quite agree with that stance and they should remove the SSL functionality completely if that is indeed the case. I use a VPN as well for most of my remote access, but having options is always nice.

    Cheers
    Al

    Leave a comment:


  • drozwood90
    replied
    I do not know if there are bugs in the HTTPS web server or not - I do not use this...but I'd personally rather have the team focusing on product improvements as they have offered other solutions (the My Homeseer service). Personally, I just use OpenVPN and forget about it.

    If I EVER really NEED to access my system through remote, I just wait for the OpenVPN link to establish.

    If I can't wait that long, typically it is only 1 specific thing...and you could use Push Bullet or as I do, use AutoRemote. I use this for things like opening my garage, controlling certain lights in the house. Aside from that, I typically can just wait for the OpenVPN + HSTouch to open up.

    --Dan

    Leave a comment:


  • John245
    replied
    Originally posted by Moskus View Post
    So there's a bug in HomeSeer that give unauthorized users access to their HS systems. And apparently this is really easy to access other systems.

    Rich says he has this fixed in beta .311 which is available here, and I'm currently installing despite my skepticism for betas.

    But while we're looking at security issues, can we talk about the horribly buggy HTTPS web server built into HS3?!
    Why isn't this working properly?!
    I can't for the life of me not understand why HTTPS isn't available and being promoted as a more secure connection.

    After all, HomeSeer is controlling our lives. It would be great if it also attempted to be somewhat secure.


    +1
    ---
    John

    Leave a comment:


  • Moskus
    started a topic We need native HTTPS support!

    We need native HTTPS support!

    So there's a bug in HomeSeer that give unauthorized users access to their HS systems. And apparently this is really easy to access other systems.

    Rich says he has this fixed in beta .311 which is available here, and I'm currently installing despite my skepticism for betas.

    But while we're looking at security issues, can we talk about the horribly buggy HTTPS web server built into HS3?!
    Why isn't this working properly?!
    I can't for the life of me not understand why HTTPS isn't available and being promoted as a more secure connection.

    After all, HomeSeer is controlling our lives. It would be great if it also attempted to be somewhat secure.
Working...
X