From 1fc7c6b38356f3c691feabd9875dc5507b100072 Mon Sep 17 00:00:00 2001
From: GitHub Action
Date: Sun, 23 Jul 2023 12:17:23 +0000
Subject: [PATCH] Update content of files

---
 data/web/corefork.telegram.org/bots/webhooks.html | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/data/web/corefork.telegram.org/bots/webhooks.html b/data/web/corefork.telegram.org/bots/webhooks.html
index c5fe6b9d5e..2b961db31e 100644
--- a/data/web/corefork.telegram.org/bots/webhooks.html
+++ b/data/web/corefork.telegram.org/bots/webhooks.html
@@ -81,12 +81,12 @@ the range might expand or change.

How do I check for open ports or limit access to my bot?

  • -

    Always SSL/TLS

    +

    Always SSL/TLS

    A webhook requires SSL/TLS encryption, no matter which port is used. It's not possible to use a plain-text HTTP webhook. You shouldn't want to either, for the sake of your bot and users. SSL/TLS, why do I have to handle this for a webhook?

  • -

    Not all SSL/TLS is equal

    +

    Not all SSL/TLS is equal

    We support any SSL/TLS version TLS1.2 and up for your webhook. This means that SSLV2/3/TLS1.0/TSL1.1 are NOT supported, due to security issues associated with those older versions. How do I check that I’m handling the right version?
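
    Review bot: the context line under "Not all SSL/TLS is equal" lists the unsupported versions as "SSLV2/3/TLS1.0/TSL1.1", where "TSL1.1" is a typo for TLS1.1; this hunk already rewrites the heading directly above it, so correct the version string in the same change. The removed and added headings ("Always SSL/TLS" and "Not all SSL/TLS is equal") read identically as shown, and the subject "Update content of files" does not say what differs between them; state the actual change in the commit message.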

  • @@ -102,7 +102,7 @@ the range might expand or change.
  • Supported certificates

    -

    Not all verified certificates are supported. Certificates are based on a network of trust and come in a chain. Trusting your verified certificate means we have to trust the provider of that certificate, the Certificate Authority (and hence its root certificate). Before you pick a certificate provider, Check this list to make sure that we actually trust their root certificate. +

    Not all verified certificates are supported. Certificates are based on a network of trust and come in a chain. Trusting your verified certificate means we have to trust the provider of that certificate, the Certificate Authority (and hence its root certificate). Before you pick a certificate provider, Check this list to make sure that we actually trust their root certificate. What if my root certificate isn’t on that list?
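
    Review bot: in the changed paragraph under "Supported certificates", "Check this list" is capitalised mid-sentence after the comma in both the removed and the added version, so the rewrite carries the error over; lower-case it while the line is being touched. The paragraph sends readers to "this list" to decide whether a CA's root certificate is trusted, and the link target is not visible in either version of the line, so confirm that it still resolves to the list of trusted roots after this change.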

  • @@ -198,7 +198,7 @@ sudo ufw allow in on interfacename to any port portnumber proto tcp from 91.108.
  • That’s all for our examples. More information on best practices for setting up your firewall, on whichever operating system you prefer for your bot, is best found on the internet.

    -
    SSL/TLS, what is it and why do I have to handle this for a webhook?
    +
    SSL/TLS, what is it and why do I have to handle this for a webhook?

    You’re already familiar with it in some form or another. Whenever you see that (nicely green) lock in your browser bar, you know it’s reasonably safe to assume that you’ve landed on the site you actually wanted to visit. If you see the green lock, that's SSL/TLS in action. If you want to learn more about how SSL/TLS works in general, it's best to search the internet.

    The main difference between getUpdates and a webhook is the way the connection takes place. getUpdates means you'll connect to our server, a webhook means we'll be connecting to your server instead. Connecting to your server has to be done secure, we have to know for sure it's you we're talking to after all. This means you'll have to handle all that server side encryption stuff, virtually presenting us with a green lock. If you use a web server for us to post to, you need to support SSL/TLS handling on the port/virtual host of your choice. An online search for "YOURWEBSERVER enable HTTPS" will help you.

    Not using a regular web server? Have a look at our example page, most examples there include code for handling SSL/TLS in a webhook setup.
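
    Review bot: the changed heading "SSL/TLS, what is it and why do I have to handle this for a webhook?" does not match the text of the in-page link in the first hunk, "SSL/TLS, why do I have to handle this for a webhook?"; if this change alters the heading's anchor, check that the earlier link still lands on this section. In the context paragraph below the heading, "has to be done secure" should read "has to be done securely".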

    @@ -263,7 +263,7 @@ You can add -tls1_2 to force OpenSSL into using TLS1.2 when trying
  • A verified, supported certificate

    Using a verified certificate means you already have, or will obtain, a certificate backed by a trusted certificate authority (CA). There are many ways to acquire a verified certificate, paid or free. Two popular examples of free suppliers are StartSSL and Let’s Encrypt. You’re welcome to pick another. Just make sure first the supplier is likely to be supported. -Check this list before selecting a CA. +Check this list before selecting a CA. Once you’ve picked a CA and validated your identity with them, you can craft your certificate. This frequently starts by generating a CSR (Certificate Signing Request). Generating a CSR is done either through your host machine, or online via the tools provided by the CA.
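
    Review bot: the changed sentence "Check this list before selecting a CA." directly follows a context sentence that names StartSSL and Let’s Encrypt as example suppliers, and nothing in the hunk shows that both appear on the list it points to; confirm that against the linked list, since the "Supported certificates" paragraph in the earlier hunk says not all verified certificates are supported. The removed and added sentences are word-for-word identical as shown, so the commit message should say what was changed on this line.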