Just wanted to say that I’m still impressed and grateful that the Plex team has listened to its users and developed a sophisticated SSL solution to secure the connections Plex uses! With time things like this go forgotten, but I’m still glad about the green lock when I see it in the browser. I just wish Plex would have secured its forums better, and I hope they do something about the leak that has resulted from it and the fact that shady operations like that vpn site abuse that email list. And please don’t let security become less than a high priority ever again. It’s better to prevent security breaches than deal with the aftermath!
The security assessment on www.ssllabs.com has also reduced the grade from an A+, back when the new SSL solution was announced, to an A- because Plex does not support Forward Secrecy with reference browsers:
For all practical purposes it’s a non-issue. Plex uses SSL encryption PLUS uses tokens for each user plus runs a built in web server that only listens and responds on certain ports. So to exploit Plex you would have to defeat multiple things.
No software/system is ever 100% secure anymore these days. I would bet most users of this forum have devices in their home network network that have web and other network interfaces such as your printers, wifi, IoT devices, etc that are much more of a security concern then Plex ever was even before they implemented SSL.
I follow this type of thing pretty well and since Plex introduced SSL there has’t been any known exploits that I’m aware of.
I personally am very pleased with the private key/SSL implementation they came up with. It’s unique and just plain works.
As the op mentioned, Plex does deserve KUDOs for this!
Carlo
