TLS and Encryption

If you got some trouble or need help configuring AirDC++, we're here to help

TLS and Encryption

Postby en_dator » 01 Mar 2009, 13:50

During the last weeks I have been flooded with questions about TLS, about encryption and other things. Things that for us that has been keeping up with development the last years already know, but for those of you that are new to the dc community or just have ignored what has been going on and is just now realising how much has changed since the days of fulDC, odc and other old clients, I thought it could be a good idea to start this thread to try and put all the information in one place for all of you to read and discuss.

So here it is.

We'll take this in parts, first Hub - Client communication

For the communication between the hub and your client to be encrypted support is needed in the hub soft and to my knowledge there is no working hubsoft for old nmdc that supports this, the only way to have encrypted communication here is to use an adc hubsoft and connect in adcs mode, (adcs://) (Link to info about hubs supporting adcs ).

If connected in adcs mode everything between you and the hub is encrypted, main, pm, searches etc, if not, then everything is sent in clear text according to the adc and nmdc protocols.

second part Client - Client communication.

For the communication between clients to be encrypted all that is needed is that both clients support TLS and have it enabled, then all transfers between the two will be encrypted (in the client transfer view you can see this as the text "DHE-RSA-AES256-SHA" in the Cipher column and in the status column you see it as [U] or [S] in front of the status text.
[S] - Trusted secure connection, this will show if you and the other client has each others cert stored in the trusted certificate folder.
[U] - Untrusted secure connection, this means encryption is still used but no certificate exchange has been made.

The other characters mean:
[T] - TTH Checked
[Z] - Zlib compressed transfer

To enable TLS in your client you need to check all three boxes on the security tab in settings, and you need to generate a certificate by pressing the button where it says Generate certificate, add the client.key in the first path box, client.crt in the second, and add a folder for storing trusted certs from other users in the third path box.

On the connection tab in setting you must put a port number in the TLS box and forward this in your router (its a port of type TCP, just like the first tcp port) remember to use a unique number that is not in use by any other soft on your computer.

After restarting the client it should now work.

This procedure should work for all recent clients that has the TLS port in settings, with the exception that currently DC++ does NOT use encryption on nmdc hubs, only adc hubs (since LinuxDC++ is based off DC++ i assume the same is true for it but I have not tested this).

/1dat
ÜndèrGrøund® Ñètwø®k - FlexHub - AirDC++
Because the world never was the same, and never will have been http://xkcd.com/394/
User avatar
en_dator
Site Admin
 
Posts: 486
Joined: 22 Sep 2008, 22:32

Re: TLS and Encryption

Postby Guest » 01 Mar 2009, 14:01

For any news about ADC and the development happening across there check ADCPortal (www.adcportal.com) incase you truly are interested in ADC and the new stuff happening there.
Guest
 

Re: TLS and Encryption

Postby Hamachi » 04 May 2009, 09:09

what mean [C] ??
Hamachi
Beta Tester
 
Posts: 69
Joined: 28 Nov 2008, 18:12

Re: TLS and Encryption

Postby bl0m5t3r » 07 May 2009, 19:37

C means Chunk, or in other words, partial file download.
User avatar
bl0m5t3r
Official Translator
 
Posts: 77
Joined: 07 Dec 2008, 16:44
Location: the netherlands

Re: TLS and Encryption

Postby FullC » 08 May 2009, 20:03

Actually [C] means the client just requests the file in chunks, and not the whole file from start to finish at once. The file in question can be partial or complete on your hard drive.

If you see [P], that is something different. I see [P] on uploads not even hashed yet, but finished on disk. I guess this is what blomster meant, but decided to clarify to avoid misunderstandings.
FullC
 
Posts: 66
Joined: 11 Nov 2008, 18:08

Re: TLS and Encryption

Postby veo » 09 Jun 2017, 02:24

What about https? I have ADCPP 2.0.1 with web client. And I want to setup https access to my ADCPP. Where to put certs? What about pem certs? How to set up https?

Forget to tell, certs from Let's Encrypt.
veo
 
Posts: 1
Joined: 01 Dec 2016, 18:03

Re: TLS and Encryption

Postby maksis » 09 Jun 2017, 07:04

One solution would be to set up nginx to use the certs: https://www.nginx.com/blog/free-certifi ... and-nginx/

You can then set up access to airdcpp via nginx: https://airdcpp-web.github.io/docs/adva ... setup.html
User avatar
maksis
Site Admin
 
Posts: 868
Joined: 23 Nov 2010, 18:56


Return to The Help Desk

Who is online

Users browsing this forum: No registered users and 6 guests

cron