TLS mutual authentication

Hello everyone,

It’s dangerous to deploy Bitwarden/Vaultwarden on the internet. Although it supports TLS, it is unilateral authentication: anyone could click the ‘continue’ button in the browser to pass the HTTPS errors and attack it (brute-force attack, RCE, buffer overflow, etc.).

If Bitwarden/Vaultwarden could support TLS mutual authentication, then only someone who has the client certificate in their browser or other client could access the Bitwarden/Vaultwarden server on the internet; it would be much more secure.

At present, I have implemented TLS mutual authentication with a self-signed certificate in the web browser via an nginx reverse proxy. It works well in the Chrome/Edge web browsers, but not in the iOS/Android mobile clients.

I found this topic on GitHub about the difficulty of implementing TLS mutual authentication on iOS/Android, and I gave a solution and some code to solve it, but after a few days I have not got any reply, so I am trying to find some help here.

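The nginx reverse-proxy setup described in the post, written out as an added example (this is not the poster's configuration and not part of Bitwarden or Vaultwarden). The hostname, certificate paths, and the upstream address/port are assumptions; `ssl_verify_client on` is the directive that makes nginx reject the TLS handshake itself unless the client presents a certificate issued by the private CA, so a request that lacks one never reaches the password-manager backend.

```nginx
# Added example: nginx front end enforcing TLS mutual authentication
# for a self-hosted Vaultwarden. All paths, names and ports are assumptions.

server {
    listen 443 ssl http2;
    server_name vault.example.com;            # assumed hostname

    # Server certificate shown to clients (assumed paths)
    ssl_certificate     /etc/nginx/tls/server.crt;
    ssl_certificate_key /etc/nginx/tls/server.key;
    ssl_protocols       TLSv1.2 TLSv1.3;

    # Private CA that issued the client certificates (assumed path).
    # "on" (not "optional") means the handshake fails without a valid
    # client certificate, so nothing is proxied to the backend.
    ssl_client_certificate /etc/nginx/tls/client-ca.crt;
    ssl_verify_client      on;
    ssl_verify_depth       2;

    # Optional: honour a revocation list from the same CA (assumed path)
    # ssl_crl /etc/nginx/tls/client-ca.crl;

    # Record which certificate was used; useful when reviewing access logs
    access_log /var/log/nginx/vault-access.log combined;

    location / {
        proxy_pass http://127.0.0.1:8080;     # assumed Vaultwarden upstream
        proxy_set_header Host              $host;
        proxy_set_header X-Real-IP         $remote_addr;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        # Forward the verified client identity to the backend for auditing
        proxy_set_header X-Client-DN       $ssl_client_s_dn;
        proxy_set_header X-Client-Verify   $ssl_client_verify;
    }
}

# Plain HTTP only redirects; nothing is served without the client certificate
server {
    listen 80;
    server_name vault.example.com;            # assumed hostname
    return 301 https://$host$request_uri;
}
```

Two practical notes. First, Vaultwarden's websocket notification endpoint needs its own `location` block with the `Upgrade`/`Connection` headers, and the port it listens on depends on the Vaultwarden version, so it is left out above. Second, this setup only protects clients that can present a client certificate during the TLS handshake, which is exactly the limitation the post reports for the iOS/Android apps: a client that cannot supply the certificate is rejected at the handshake and cannot log in at all, so the mobile apps would need client-certificate support before such a proxy could be used with them.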

Totally agree, +1 for this feature