Ios: Use SSL Client Certificate to improve security

Created on 28 Apr 2019  路  7Comments  路  Source: nextcloud/ios

Expected behaviour

Option to configure a Nextcloud account to include an SSL User's Private Key and Certificate to connect to the server.

The use of an SSL Client certificate greatly improves the security. It protects the SSL connection against SSL decryptors deployed here and there and many other threats. It also improves the security in the mobile device by moving the private key to a memory space where nothing can touch it.

As a first step, it should be easy to add this as an extra option to account but still require the password or the access token. In a further release, it would be possible to use the certificate as the only authentication but that requires more effort and more config in the SSL engine facing the Nextcloud service as well as in the Nextcloud config itself to map certificates names to usernames.

Actual behaviour

To use such a client side certificate is not an option as of now

Steps to reproduce

N/A

iOS version

N/A

App version

Latest

Server configuration

N/A

Operating system:
N/A

Web server:
N/A

Database:
聽N/A

PHP version:
N/A

Nextcloud version: (see Nextcloud admin page)
聽N/A

picture Heracles31
👍10

Most helpful comment

+1 馃榿

picture cecom on 3 Jun 2019
👍4

All 7 comments

+1
Yeah i like to have that too.

ashk0re picture ashk0re on 29 Apr 2019
👍4

+1 馃榿

cecom picture cecom on 3 Jun 2019
👍4

+1

fhoner picture fhoner on 19 Oct 2019
👍2

This would definitely be great option to improve security

renini picture renini on 31 Jan 2020
🚀1

TLS client certificate is a powerful feature to improve security and add addition factor to it

binlab picture binlab on 7 Apr 2020
👍3

+1 here.
I tried and added my client certificate to the ios certificate store, but this does not seem to be sufficient. After adding the certificate safari can access the server, but the Nextcloud client reports:
Connection error: The network connection was lost. Without the client certificate this setup works.

alexswerner picture alexswerner on 12 Apr 2020

According to Apple documentation, apps have to write their own code to import SSL client certificates. It also outlines how to implement the feature. Hope to see support for this.

pellaeon picture pellaeon on 16 Aug 2020
👍1
Was this page helpful?
0 / 5 - 0 ratings

Related issues

jancborchardt picture jancborchardt  路  5Comments
TecJon picture TecJon  路  5Comments
immortal79 picture immortal79  路  4Comments
Alphakilo picture Alphakilo  路  3Comments
khlschrnk picture khlschrnk  路  5Comments