default taky.conf setup & examples are using lower case true for the SSL "enabled=" statement. #106

@pinztrek

taky.conf and setup are using lower case true for the SSL "enabled=" statement.
My read is it should be True, just like the "client_cert_required" below it in the samples and default taky.conf.

This is also in the deployment guides, etc. I guess it is possible that true also evals to True, but I'm now suspicious.

Background:

Been running taky for a while with DPS on an obscure port. Life was good. Due to more users and specifically, some on iTAK, I decided to expose 8443 rather than the high port used previously.

Once doing that, I immediately started seeing many GETs and POSTs in the DPS log from scanners. Clearly fishing, luckily not finding marti. Looking for common web exploits.

After chasing firewall settings, blackholing scanners, etc., it was still occurring. How were they getting in if SSL was enabled? Noticed the true vs True in the config. Changed to True, and no more bogons in the log, just legit traffic even on 8443.

I hope I'm wrong, but if not, folks need to check their taky.conf for this.
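
An added example, not from the issue or from taky's code: a small audit that reads the SSL booleans from a config and reports any value that a tolerant parser (Python's `configparser.getboolean`) and a strict `== "True"` comparison would interpret differently. The `[ssl]` section name and the sample file are assumptions; how taky itself parses the value is not shown on this page.

```python
import configparser

# Constructed sample config; the [ssl] section name is an assumption.
SAMPLE = """\
[ssl]
enabled = true
client_cert_required = True
"""

CANONICAL = {"True", "False"}


def audit_booleans(text, section="ssl",
                   keys=("enabled", "client_cert_required")):
    """Return {key: (raw, tolerant, strict, canonical)} for each key."""
    cp = configparser.ConfigParser()
    cp.read_string(text)
    report = {}
    for key in keys:
        raw = cp.get(section, key, fallback=None)
        if raw is None:
            report[key] = (None, None, None, False)
            continue
        try:
            # Accepts 1/yes/true/on and 0/no/false/off, case-insensitively.
            tolerant = cp.getboolean(section, key)
        except ValueError:
            tolerant = None
        # What a case-sensitive string comparison would decide.
        strict = raw == "True"
        report[key] = (raw, tolerant, strict, raw in CANONICAL)
    return report


def findings(report):
    """List the keys whose meaning depends on which parser reads them."""
    out = []
    for key, (raw, tolerant, strict, _canonical) in report.items():
        if raw is None:
            out.append(f"{key}: missing, the default applies")
        elif tolerant is None:
            out.append(f"{key}: {raw!r} is not a recognised boolean")
        elif tolerant != strict:
            out.append(f"{key}: {raw!r} is on for a tolerant parser, "
                       "off for a strict one")
    return out


if __name__ == "__main__":
    for line in findings(audit_booleans(SAMPLE)):
        print(line)
```

A flagged key means only that the spelling is ambiguous across parsers; confirming what the listener actually does requires testing the port itself.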
