TLS and Encryption

en_dator
Member
Posts: 72
Joined: 01 Apr 2008, 19:24

TLS and Encryption

Post by en_dator » 01 Mar 2009, 13:19

During the last weeks I have been flooded with questions about TLS, about encryption and other things. These are things that those of us who have been keeping up with development over the last years already know, but for those of you who are new to the dc community, or have just ignored what has been going on and are just now realising how much has changed since the days of fulDC, odc and other old clients, I thought it could be a good idea to start this thread to try and put all the information in one place for all of you to read and discuss.

So here it is.

We'll take this in parts, first Hub - Client communication

For the communication between the hub and your client to be encrypted, support is needed in the hub soft, and to my knowledge there is no working hubsoft for old nmdc that supports this. The only way to have encrypted communication here is to use an adc hubsoft and connect in adcs mode (adcs://) (Link to info about hubs supporting adcs).

If connected in adcs mode, everything between you and the hub is encrypted: main, pm, searches etc. If not, then everything is sent in clear text according to the adc and nmdc protocols.

Second part: Client - Client communication.

For the communication between clients to be encrypted, all that is needed is that both clients support TLS and have it enabled; then all transfers between the two will be encrypted (in the client transfer view you can see this as the text "DHE-RSA-AES256-SHA" in the Cipher column, and in the status column you see it as [U] or [S] in front of the status text).
[S] - Trusted secure connection, this will show if you and the other client have each other's cert stored in the trusted certificate folder.
[U] - Untrusted secure connection, this means encryption is still used but no certificate exchange has been made.

The other characters mean:
[T] - TTH Checked
[Z] - Zlib compressed transfer

To enable TLS in your client you need to check all three boxes on the security tab in settings, and you need to generate a certificate by pressing the button where it says Generate certificate, add the client.key in the first path box, client.crt in the second, and add a folder for storing trusted certs from other users in the third path box.

On the connection tab in settings you must put a port number in the TLS box and forward this in your router (it's a port of type TCP, just like the first tcp port). Remember to use a unique number that is not in use by any other soft on your computer.

After restarting the client it should now work.

This procedure should work for all recent clients that have the TLS port in settings, with the exception that currently DC++ does NOT use encryption on nmdc hubs, only adc hubs (since LinuxDC++ is based off DC++ I assume the same is true for it, but I have not tested this).
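The checks described in the post above, written out as an added example (not part of the original post and not code from any DC client). The function names, the sample rows and the status wording after the flags are constructed; the split of the cipher name follows OpenSSL's naming convention, which is an assumption about how the Cipher column is formatted.

```python
import re

KEY_EXCHANGES = {"DHE", "EDH", "ECDHE", "DH", "ECDH"}
EPHEMERAL = {"DHE", "EDH", "ECDHE"}          # these give forward secrecy
AUTH_ALGS = {"RSA", "DSS", "ECDSA"}

def parse_cipher(name):
    """Split an OpenSSL-style suite name, e.g. DHE-RSA-AES256-SHA."""
    parts = name.split("-")
    if parts[0] in KEY_EXCHANGES:
        kx = parts.pop(0)
        auth = parts.pop(0) if parts[0] in AUTH_ALGS else "unknown"
    else:
        # Names such as AES256-SHA omit the prefix: RSA key exchange and auth.
        kx = auth = "RSA"
    return {"kx": kx, "auth": auth, "enc": "-".join(parts[:-1]),
            "mac": parts[-1], "forward_secrecy": kx in EPHEMERAL}

def audit(hub_url, status, cipher):
    """Return (flags, findings) for one transfer-view row."""
    # Flags sit in front of the status text: [S] trusted, [U] untrusted,
    # [T] TTH checked, [Z] zlib compressed.
    lead = re.match(r"(?:\[[A-Z]\])*", status).group(0)
    flags = set(re.findall(r"\[([A-Z])\]", lead))
    findings = []
    if not hub_url.lower().startswith("adcs://"):
        findings.append("hub link is clear text (main, pm, searches)")
    if not flags & {"S", "U"}:
        findings.append("transfer is not encrypted")
        return flags, findings
    if "U" in flags:
        findings.append("encrypted, but peer cert is not in the trusted folder")
    if not parse_cipher(cipher)["forward_secrecy"]:
        findings.append("cipher has no forward secrecy")
    return flags, findings

# Constructed sample rows: (hub address, Status column, Cipher column).
ROWS = [
    ("adcs://hub.example.org:1511", "[S][T][Z] Downloading", "DHE-RSA-AES256-SHA"),
    ("dchub://hub.example.org:411", "[U][T] Downloading", "AES256-SHA"),
    ("adc://hub.example.org:1511", "[T][Z] Downloading", ""),
]

if __name__ == "__main__":
    for row in ROWS:
        print(row[0], *audit(*row), sep=" | ")
```
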

Pietry
Senior Member
Posts: 328
Joined: 04 Dec 2007, 07:25
Location: Bucharest

Re: TLS and Encryption

Post by Pietry » 01 Mar 2009, 14:22

Latest DC++ also auto creates certificates on start up if missing.
Just someone

Toast

Re: TLS and Encryption

Post by Toast » 01 Mar 2009, 14:27

Well, better safe than sorry, that's what we were discussing, so pressing the button doesn't hurt :)

Cobra
Junior Member
Posts: 16
Joined: 29 Oct 2008, 03:35

Re: TLS and Encryption

Post by Cobra » 09 Mar 2009, 03:52

Nice write up.

Say, any clues as to why the only client combo I can get encrypted transfers between is SDC to SDC? Anybody find other clients that can do it? I am testing on an NMDC hub :(
FLAC is Boss

HaArD
Junior Member
Posts: 15
Joined: 27 Oct 2008, 20:23

Re: TLS and Encryption

Post by HaArD » 09 Mar 2009, 04:46

It's an sdc feature... and probably never going to be implemented in DC++. You should be able to connect with ApexDC++ and RSX++, which are sdc derivatives....

https://blueprints.launchpad.net/strong ... c/nmdc-tls

http://dcpp.wordpress.com/2008/07/22/en ... revisited/

en_dator
Member
Posts: 72
Joined: 01 Apr 2008, 19:24

Re: TLS and Encryption

Post by en_dator » 09 Mar 2009, 17:19

It should work fine with DC++ too, but you need to be in an adc hub (at least that was true for 0.7091, I haven't looked at the last one yet).

adrian_007
Senior Member
Posts: 126
Joined: 06 Jan 2008, 13:00

Re: TLS and Encryption

Post by adrian_007 » 09 Mar 2009, 18:51

It's an sdc extension for NMDC; on adc every client supports tls.

Dj_Offset
Member
Posts: 53
Joined: 15 Sep 2008, 21:48
Location: adcs://adcs.uhub.org:1511

Re: TLS and Encryption

Post by Dj_Offset » 09 Mar 2009, 22:48

on adc every client support tls.
Wow, really?
I somehow find that hard to believe...

adrian_007
Senior Member
Posts: 126
Joined: 06 Jan 2008, 13:00

Re: TLS and Encryption

Post by adrian_007 » 09 Mar 2009, 23:35

dc++ based
