forum/No SSL traffic for S3?git-annexhttp://git-annex.branchable.com/forum/No_SSL_traffic_for_S3__63__/git-annexikiwiki2013-11-27T22:47:37Zcomment 1http://git-annex.branchable.com/forum/No_SSL_traffic_for_S3__63__/comment_1_f509bf273896180e6df8c771438dd093/joeyh.name2013-11-27T22:47:37Z2013-01-15T20:25:42Z
<p><a href="http://hackage.haskell.org/package/hS3">http://hackage.haskell.org/package/hS3</a> is a Haskell library for S3, which git-annex uses. It does not support HTTPS. I'm sure its author would appreciate help, or maybe even just gentle motivation.</p>
<p>FWIW, I think that S3's authorization is designed to be pretty secure even over an un-encrypted transport.
It uses HMAC to sign the request with your AWS credentials securely, and includes a date that is hopefully used to avoid replay attacks.</p>
comment 2http://git-annex.branchable.com/forum/No_SSL_traffic_for_S3__63__/comment_2_358635d19c82202c63014ca84de7fc3b/Michael2013-11-27T22:47:37Z2013-01-15T20:47:50Z
The authorization is fine, but it's scary to see your data floating along the wire in plain-text <img src="http://git-annex.branchable.com/smileys/smile.png" alt=":)" />