Skip to content

Remove InsecureSkipVerify #302

Open
Open
Remove InsecureSkipVerify#302
@HashimTheArab

Description

@HashimTheArab
HashimTheArab
opened on Mar 26, 2025

gophertunnel/minecraft/auth/xbox.go

Lines 45 to 55 in fdd82ea

return nil, fmt.Errorf("live token is no longer valid")
}
c := &http.Client{
Transport: &http.Transport{
TLSClientConfig: &tls.Config{
Renegotiation: tls.RenegotiateOnceAsClient,
InsecureSkipVerify: true,
},
},
}
defer c.CloseIdleConnections()

This is considered bad practice / security flaw
I believe on Android it's causing devices to block the request, not completely sure, but I don't think it's needed?

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions