Page 1 of 1

TLS and Encryption

PostPosted: 01 Mar 2009, 13:50
by en_dator
During the last weeks I have been flooded with questions about TLS, about encryption and other things. Things that for us that has been keeping up with development the last years already know, but for those of you that are new to the dc community or just have ignored what has been going on and is just now realising how much has changed since the days of fulDC, odc and other old clients, I thought it could be a good idea to start this thread to try and put all the information in one place for all of you to read and discuss.

So here it is.

We'll take this in parts, first Hub - Client communication

For the communication between the hub and your client to be encrypted support is needed in the hub soft and to my knowledge there is no working hubsoft for old nmdc that supports this, the only way to have encrypted communication here is to use an adc hubsoft and connect in adcs mode, (adcs://) (Link to info about hubs supporting adcs ).

If connected in adcs mode everything between you and the hub is encrypted, main, pm, searches etc, if not, then everything is sent in clear text according to the adc and nmdc protocols.

second part Client - Client communication.

For the communication between clients to be encrypted all that is needed is that both clients support TLS and have it enabled, then all transfers between the two will be encrypted (in the client transfer view you can see this as the text "DHE-RSA-AES256-SHA" in the Cipher column and in the status column you see it as [U] or [S] in front of the status text.
[S] - Trusted secure connection, this will show if you and the other client has each others cert stored in the trusted certificate folder.
[U] - Untrusted secure connection, this means encryption is still used but no certificate exchange has been made.

The other characters mean:
[T] - TTH Checked
[Z] - Zlib compressed transfer

To enable TLS in your client you need to check all three boxes on the security tab in settings, and you need to generate a certificate by pressing the button where it says Generate certificate, add the client.key in the first path box, client.crt in the second, and add a folder for storing trusted certs from other users in the third path box.

On the connection tab in setting you must put a port number in the TLS box and forward this in your router (its a port of type TCP, just like the first tcp port) remember to use a unique number that is not in use by any other soft on your computer.

After restarting the client it should now work.

This procedure should work for all recent clients that has the TLS port in settings, with the exception that currently DC++ does NOT use encryption on nmdc hubs, only adc hubs (since LinuxDC++ is based off DC++ i assume the same is true for it but I have not tested this).


Re: TLS and Encryption

PostPosted: 01 Mar 2009, 14:01
by Guest
For any news about ADC and the development happening across there check ADCPortal ( incase you truly are interested in ADC and the new stuff happening there.

Re: TLS and Encryption

PostPosted: 04 May 2009, 09:09
by Hamachi
what mean [C] ??

Re: TLS and Encryption

PostPosted: 07 May 2009, 19:37
by bl0m5t3r
C means Chunk, or in other words, partial file download.

Re: TLS and Encryption

PostPosted: 08 May 2009, 20:03
by FullC
Actually [C] means the client just requests the file in chunks, and not the whole file from start to finish at once. The file in question can be partial or complete on your hard drive.

If you see [P], that is something different. I see [P] on uploads not even hashed yet, but finished on disk. I guess this is what blomster meant, but decided to clarify to avoid misunderstandings.

Re: TLS and Encryption

PostPosted: 09 Jun 2017, 02:24
by veo
What about https? I have ADCPP 2.0.1 with web client. And I want to setup https access to my ADCPP. Where to put certs? What about pem certs? How to set up https?

Forget to tell, certs from Let's Encrypt.

Re: TLS and Encryption

PostPosted: 09 Jun 2017, 07:04
by maksis
One solution would be to set up nginx to use the certs: ... and-nginx/

You can then set up access to airdcpp via nginx: ... setup.html