Oculus https

[Alfredo]

Hallo

I think a crypted connection would be useful especially if connecting to Oculus from the net.

There is a way to activate the https protocol in Oculus server?

Thanks.

Regards.

[XaxxonColin]

Thanks for the suggestion-

The relevant data that would require encryption (ie., login string) is sent via RTMP rather than HTTP (ie., default port 1935)--so, HTTPS wouldn't be of any use. 

The preferred method to encrypt RTMP data is to use the RTMPS protocol -- we have avoided support for this, for simplicity's sake, since every user will at least have to set up their own SSL key specific to the domain/address they're using. 

BUT we do intent to implement this -- we'll try to have bare bones support ready for our next software update.

All this aside, 'man in the middle' attacks that this would protect from are rare, especially for RTMP connections -- if an attacker is sophisticated enough to sniff your RTMP communication you probably have bigger things to worry about, and simply plugging that hole will just be buying you some time... ;-)