Traffic or Encryption of traffic in Direct Connect, part 3

    And no one pours new wine into old wineskins; otherwise the new wine will burst the skins, and it will be spilled, and the skins will be ruined; but new wine must be put into new wineskins; then both are preserved. Luke 5:37-38

    In April this year, the administration of the world's largest DC hub announced support for secure connections. Let's see what came of it.


    Freedom of conscience

    Since everything I think about this has already been said earlier, this part of the article was never meant to exist.
    If you need security, choose a modern client and an ADCs hub. Period.
    But what if you still use an NMDC hub, in other words, an ordinary one? In that case you will have to face incompatibilities between old, very old, new, or simply unconfigured DC clients. Nevertheless, this was done, and the problems were not long in coming.

    Mafia

    First, secure client-to-client connections are established regardless of client-hub encryption.

    Secondly, it is impossible to tell by looking at a hub whether it relays requests for secure connections or not.

    Thirdly, in almost all DC clients today, connection encryption is enabled by default.

    Got that? Now let's check the TLS settings on the user side, connect to the hub and carefully try to connect clients to each other.

    NMDCs hub



    DC++ categorically refuses secure connections on NMDC hubs, but is perfectly content with ordinary ones. The developers have stated the reason more than once: there is no point in stepping on the same old rake!

    StrongDC++ supports only TLS v.1.0, and modern clients do not connect to it at all.
    With GreylinkDC++ it is even worse.

    FlylinkDC++ eagerly falls back to compatibility mode. For how long, and is it needed at all?

    EiskaltDC++ does the same thing less willingly, only for its own needs.

    Update from 10.24.2019


    ADC hub(s)



    Everything is exactly the same, except that DC++ actively joins the game. For it, traffic encryption is possible only on ADC hubs.

    EiskaltDC++ does not seem to distinguish between NMDC and ADC hubs and is equally strict with both. Whether that is good or bad is up to you.

    Update from 10.24.2019


    So. And what if you filter out outdated clients by making support for TLS v.1.2 a mandatory requirement for entry?

    ADCs hub(s)



    Comments, I think, are unnecessary.
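
    What the TLS v.1.2 entry requirement amounts to on the wire, as an added example that is not from the original article or from any hub's code: a check of the highest protocol version a client's ClientHello offers. In practice a hub sets the minimum version in its TLS library; `max_offered_version`, `admit` and `build_hello` are hypothetical names, and the ClientHello bytes are constructed samples.

```python
import struct

TLS10, TLS12, TLS13 = 0x0301, 0x0303, 0x0304   # wire values of protocol versions
SUPPORTED_VERSIONS = 43                        # extension type (RFC 8446)

def max_offered_version(record: bytes) -> int:
    """Highest TLS version offered by a ClientHello that fits in one record."""
    if len(record) < 9 or record[0] != 0x16 or record[5] != 0x01:
        raise ValueError("not a TLS ClientHello")
    try:
        body = record[9:5 + struct.unpack(">H", record[3:5])[0]]
        version = struct.unpack(">H", body[:2])[0]             # legacy client_version
        pos = 2 + 32                                           # skip version + random
        pos += 1 + body[pos]                                   # session_id
        pos += 2 + struct.unpack(">H", body[pos:pos + 2])[0]   # cipher_suites
        pos += 1 + body[pos]                                   # compression_methods
        if pos + 2 > len(body):
            return version                                     # no extensions at all
        end = pos + 2 + struct.unpack(">H", body[pos:pos + 2])[0]
        pos += 2
        while pos + 4 <= end:
            etype, elen = struct.unpack(">HH", body[pos:pos + 4])
            pos += 4
            if etype == SUPPORTED_VERSIONS:
                raw = body[pos + 1:pos + 1 + body[pos]]
                offered = [struct.unpack(">H", raw[i:i + 2])[0]
                           for i in range(0, len(raw) - 1, 2)]
                # GREASE placeholders (0x?a?a) are not real versions
                real = [v for v in offered if v & 0x0F0F != 0x0A0A]
                version = max(real, default=version)
            pos += elen
        return version
    except (IndexError, struct.error):
        raise ValueError("truncated ClientHello") from None

def admit(record: bytes, minimum: int = TLS12) -> bool:
    """Hub-side gate: accept only clients that offer at least `minimum`."""
    return max_offered_version(record) >= minimum

def build_hello(legacy: int, supported=()) -> bytes:
    """Build a minimal ClientHello record (constructed sample data for the demo)."""
    body = struct.pack(">H", legacy) + bytes(32) + b"\x00" + b"\x00\x02\x00\x2f" + b"\x01\x00"
    if supported:
        lst = b"".join(struct.pack(">H", v) for v in supported)
        ext = struct.pack(">HHB", SUPPORTED_VERSIONS, len(lst) + 1, len(lst)) + lst
        body += struct.pack(">H", len(ext)) + ext
    hs = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack(">H", len(hs)) + hs
```

    Here `admit(build_hello(TLS10))` is rejected, while a client offering TLS v.1.2 or v.1.3 is let in.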

    Conclusions

    For many historical and political reasons, using NMDCs hubs as a base for secure client-to-client connections is difficult or even impossible. By using an NMDCs hub you are guaranteed to lose the ability to connect to some users, and in return you get security, but without guarantees.

    Recommendations

    Start using ADC hubs, at least ahead of time. Give up obsolete clients and, if you are the admin of a DC hub, ban Strong and Grey on your hub. For

    Every kingdom divided against itself will be laid waste, and every city or house divided against itself will not stand. Matt. 12:25
