Request secure Nexus binaries with HTTPS

garrooo · October 16, 2017, 5:50pm

Currently, SDK modules and 3rd party dependencies are hosted by Inductive Automation at:

http://nexus.inductiveautomation.com:8081/nexus/content/repositories/inductiveautomation-releases/
http://nexus.inductiveautomation.com:8081/nexus/content/repositories/inductiveautomation-thirdparty/

To avoid the possibility of man in the middle attacks, is there a possibility of making these repositories available over a secured HTTPS connection?

The JARs are binaries and IT policies in-house do not favour the idea of fetching binaries insecurely fetched over HTTP. The JARs are accompanied by md5 and sha1 hashes, but these checksums are also hosted by the same unencrypted HTTP connection.

This topic is related to:

References:

Kevin.Herron · October 16, 2017, 5:53pm

It won’t happen quickly, but I’ll make sure this is on the radar. We’ve also been meaning to (or putting off…) upgrade Nexus to the latest 3.x version, so maybe those can happen at the same time.