13

The Wiki contains a page that simply states:

JSON-RPC over SSL is strongly discouraged

Why?

I found a method for enabling JSON_RPC over SSL here. The post mentions nothing about JSON-RPC over SSL being strongly discouraged. What risks do I run by using it?

Rich Apodaca
  • 2,311
  • 2
  • 14
  • 34
  • Note to other readers: This question is about the use of a command interface for Bitcoin software, and does not really have anything to do wtih JSON-RPC. – Zero3 Feb 23 '21 at 11:12

1 Answers1

11

The RPC interface isn't designed to be used in any scenario which would require SSL, which would be access over the internet or other untrusted networks. It doesn't have the necessary denial of service protections or review to make it safe for use this way, and so letting potentially malicious clients connect to it would be incredibly unwise. If you need to talk to a remote bitcoind instance you are better off tunneling with SSH or stunnel which will provide a secure, authenticated path without exposing the socket any further than localhost.

As of 2017, support for RPC SSL has been completely removed to support the continued move away from reliance on OpenSSL in the daemon (unfortunately BIP70 mandates its inclusion for the GUI client).

As of 2019, all reliance on OpenSSL has been successfully removed from bitcoind.

Claris
  • 15,323
  • 2
  • 26
  • 43
  • can I add this to the bitcoin wiki??? ermmm Screw it I'm doing it! – Frankenmint Mar 22 '16 at 22:41
  • the year is now 2017, and it seems RPC SSL support has been dropped altogether. Instead, the release notes recommend using OS specific tunneling mechanisms. Cheers. https://bitcoin.org/en/release/v0.12.0#rpc-ssl-support-dropped – Jesús Zazueta Apr 07 '17 at 15:06
  • Also hence the release notes when SSL was dropped. Mentions some solutions: https://github.com/bitcoin/bitcoin/blob/d6a92dd0ea42ec64f15b81843b4db62c7b186bdb/doc/release-notes.md#ssl-support-for-rpc-dropped – Jonas Schnelli May 04 '17 at 12:55
  • can I use IPSEC ? – Haddar Macdasi Oct 19 '17 at 16:58
  • i didn't quite understand the reasoning; passing sensitive information in cleartext is a bigger problem, it's a big no-no. (it's listed as a common weakness https://cwe.mitre.org/data/definitions/319.html ) – MichaelMoser Mar 24 '21 at 01:42
  • It's not the responsibility of Bitcoin Core to provide a secure transport. The RPC interface is supposed to be used locally to a system where encryption is not required, if it is to be used remotely, a user can provide their own transport such as wireguard or even SSL if they so choose, but it's not safe for it to be a built in. The prior existence of SSL in Bitcoin Core has directly resulted in memory corruption in OpenSSL leaking secure memory from the client. – Claris Mar 24 '21 at 03:16