From 9c5895369839cdf4af1ddf2ba4503aa1cc1611dd Mon Sep 17 00:00:00 2001
From: madblobfish
Date: Fri, 13 Oct 2017 21:09:43 +0200
Subject: [PATCH 1/2] Settings: secure by default, disallow selfsigned certificates

Most users will use the default values and will therefore have an insecure setup. The result can be Man-in-the-Middle or other attacks on rambox users when using default settings!
---
 app/model/Service.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/app/model/Service.js b/app/model/Service.js
index b43df033..9d77df41 100644
--- a/app/model/Service.js
+++ b/app/model/Service.js
@@ -56,7 +56,7 @@ Ext.define('Rambox.model.Service', {
 },{
 name: 'trust'
 ,type: 'boolean'
- ,defaultValue: true
+ ,defaultValue: false
 },{
 name: 'enabled'
 ,type: 'boolean'
From 7dced6925d5766eeac3f0b8f13d77b183827fd10 Mon Sep 17 00:00:00 2001
From: madblobfish
Date: Fri, 13 Oct 2017 22:35:05 +0200
Subject: [PATCH 2/2] Uncheck "Trust invalid authority certificates" when adding new Services

Most users will use the default values and will therefore have an insecure setup. The result can be Man-in-the-Middle or other attacks on rambox users when using default settings!
---
 app/view/add/Add.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/app/view/add/Add.js b/app/view/add/Add.js
index 78544f08..9c9730cc 100644
--- a/app/view/add/Add.js
+++ b/app/view/add/Add.js
@@ -191,7 +191,7 @@ Ext.define('Rambox.view.add.Add',{
 ,boxLabel: locale['app.window[19]']
 ,name: 'trust'
 ,hidden: me.record.get('type') !== 'custom'
- ,checked: me.edit ? me.record.get('trust') : true
+ ,checked: me.edit ? me.record.get('trust') : false
 ,uncheckedValue: false
 ,inputValue: true
 }
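Review bot: The new `defaultValue: false` on the `trust` field in app/model/Service.js presumably only takes effect where a record carries no stored value, so services already saved with `trust: true` would keep accepting invalid certificates after this change, and nothing in the patch migrates or flags them. If that is intended, state it next to the field, for example `// secure default: invalid or self-signed certificates are rejected unless the user opts in; existing records keep their stored value`. How stored records are loaded is not visible in this hunk, so the persistence behaviour should be confirmed against the store before relying on the new default. The `Ext.define` body starts and ends outside the hunk.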
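Review bot: The literal `false` in `,checked: me.edit ? me.record.get('trust') : false` in app/view/add/Add.js duplicates the default that the `trust` field declares in app/model/Service.js, so the form and the model can drift apart again. The checkbox is hidden unless the type is `custom` (the `hidden:` line just above), so for every other service type this fallback is presumably the value that ends up on the record without the user ever seeing it. That makes it worth a comment such as `// must match the 'trust' defaultValue in Rambox.model.Service; not shown for non-custom types`. If `me.record` is a model instance for new services as well, reading `me.record.get('trust')` in both branches would remove the duplicate, but that cannot be confirmed from this hunk; the enclosing config object starts and ends outside it.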