Why is JSON-RPC over SSL "strongly discouraged"?

11

1

The Wiki contains a page that simply states:

JSON-RPC over SSL is strongly discouraged

Why?

I found a method for enabling JSON-RPC over SSL here. The post mentions nothing about JSON-RPC over SSL being strongly discouraged. What risks do I run by using it?

Rich Apodaca

Posted 2015-08-17T00:04:00.420

Reputation: 1 896

Answers

9

The RPC interface isn't designed to be used in any scenario which would require SSL, which would be access over the internet or other untrusted networks. It doesn't have the necessary denial of service protections or review to make it safe for use this way, and so letting potentially malicious clients connect to it would be incredibly unwise. If you need to talk to a remote bitcoind instance you are better off tunneling with SSH or stunnel which will provide a secure, authenticated path without exposing the socket any further than localhost.

As of 2017, support for RPC SSL has been completely removed to support the continued move away from reliance on OpenSSL in the daemon (unfortunately BIP70 mandates its inclusion for the GUI client).

As of 2019, all reliance on OpenSSL has been successfully removed from bitcoind.

Anonymous

Posted 2015-08-17T00:04:00.420

Reputation: 10 054
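A check for the "no further than localhost" condition in the answer above, as an added example that is not part of the original answer or of Bitcoin Core's code. It assumes bitcoind's `rpcbind` and `rpcallowip` settings in `bitcoin.conf`; both sample configs are constructed.

```python
import ipaddress

# Constructed sample bitcoin.conf contents (not taken from the page).
EXPOSED_CONF = "server=1\nrpcbind=0.0.0.0\nrpcallowip=203.0.113.0/24\n"
LOCAL_ONLY_CONF = (
    "server=1\n"
    "# RPC stays on loopback; remote clients arrive through an SSH/stunnel tunnel\n"
    "rpcbind=127.0.0.1:8332\n"
    "rpcallowip=127.0.0.1\n"
    "rpcallowip=::1\n"
)

def _is_loopback_bind(value):
    """True if an rpcbind value (addr, addr:port, [v6], [v6]:port) is loopback."""
    host = value
    try:
        if host.startswith("["):          # [::1] or [::1]:8332
            host = host[1:host.index("]")]
        elif host.count(":") == 1:        # 127.0.0.1:8332
            host = host.rsplit(":", 1)[0]
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return host == "localhost"        # any other hostname is flagged

def _is_loopback_net(value):
    """True if an rpcallowip value (ip or ip/prefix) covers only loopback."""
    try:
        return ipaddress.ip_network(value, strict=False).is_loopback
    except ValueError:
        return False                      # unparseable value: flag for review

def audit_rpc_exposure(conf_text):
    """Return (line_no, setting, value) for settings that open RPC beyond localhost."""
    findings = []
    for no, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # drop comments
        if "=" not in line:                   # skips blanks and [section] headers
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        key = key.rsplit(".", 1)[-1]          # accept network-prefixed keys, e.g. test.rpcbind
        if key == "rpcbind" and not _is_loopback_bind(value):
            findings.append((no, key, value))
        elif key == "rpcallowip" and not _is_loopback_net(value):
            findings.append((no, key, value))
    return findings

if __name__ == "__main__":
    for name, conf in (("exposed", EXPOSED_CONF), ("local-only", LOCAL_ONLY_CONF)):
        print(name, audit_rpc_exposure(conf))
```

With an empty result, remote access can go through a local port forward such as `ssh -N -L 8332:127.0.0.1:8332 user@remote-host` (placeholder user and host; 8332 is bitcoind's default mainnet RPC port), and the client then connects to 127.0.0.1.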

can I add this to the bitcoin wiki??? ermmm Screw it I'm doing it!

Frankenmint 2016-03-22T22:41:13.520

The year is now 2017, and it seems RPC SSL support has been dropped altogether. Instead, the release notes recommend using OS-specific tunneling mechanisms. Cheers. https://bitcoin.org/en/release/v0.12.0#rpc-ssl-support-dropped

Jesús Zazueta 2017-04-07T15:06:50.713

Also hence the release notes when SSL was dropped. Mentions some solutions: https://github.com/bitcoin/bitcoin/blob/d6a92dd0ea42ec64f15b81843b4db62c7b186bdb/doc/release-notes.md#ssl-support-for-rpc-dropped

Jonas Schnelli 2017-05-04T12:55:28.140

Can I use IPSEC?

Haddar Macdasi 2017-10-19T16:58:40.457