April 29, 2019 at 13:48Traffic or Encryption of traffic in Direct Connect, part 3
And no one pours young wine into worn bellows; otherwise the young wine will break through the bellows, and it will flow out, and the bellows will be lost; but young wine must be poured into new wineskins; then both will be saved. Lx 5: 37.38
In April this year, the administration of the world's largest DC hub announced support for secure connections. Let's see what came of it.
Translate to English
Freedom of conscience
Because all I thought about it, it was already suggested earlier , this part of the article is not meant to be.
Mafia
First, secure client-to-client connections are established regardless of client-hub encryption.
Secondly, it is impossible to visually identify a hub that transmits or does not translate requests for secure connections.
Thirdly, today in almost all DC clients, encryption of connections is enabled by default.
Do you remember? Now let's checkTLS settings on the user side, connect to the hub and carefully try to connect clients to each other.
NMDCs hub
DC ++ categorically rejects secure connections on NMDC hubs, however, it fully favors conventional ones. The developers have voiced the reason more than once - there is nothing to walk on the old rake!
StrongDC ++ can only TLS v.1.0, and modern clients do not connect to it at all.
With GreylinkDC ++ still worse.
FlylinkDC ++ eagerly falls into compatibility mode. Is this for long and is it necessary at all? ..
EiskaltDC ++ does the same thing less willingly, only for its own needs.
ADC hub (s)
Everything is exactly the same, but DC ++ is actively included in the game. Traffic encryption for it is possible only on ADC hubs.
EiskaltDC ++ does not seem to make a difference between NMDC and ADC hubs, strictly to both. Whether it is good or bad is up to you.
So. And if you filter outdated clients by setting an obligatory requirement to support TLS v.1.2 as an input? ..
ADCs hub (s)
Comments, I think, are unnecessary.
Conclusions
For many historical and political reasons, using hub NMDCs as a base for secure inter-client connections is difficult or even impossible. Using NMDCs hub, you with a guarantee lose the ability to connect with some users, and in return get security - but without guarantees.
Recommendations
Start using ADC hubs, at least in advance. Refuse obsolete clients and, if you are the admin of the DC hub, ban Strong and Gray from yourself. For
Every kingdom, divided in itself, will be deserted; and every city or house divided in itself will not stand.Matt. 12:25
In April this year, the administration of the world's largest DC hub announced support for secure connections. Let's see what came of it.
Translate to English
Freedom of conscience
Because all I thought about it, it was already suggested earlier , this part of the article is not meant to be.
If you need security, choose a modern client and ADCs hub . Point.But what if you still use the NMDC hub, in other words, the usual one ? In this case, you will have to face the incompatibility of old, very old, new, or simply unconfigured DC clients. But - this was done, and the problems were not long in coming.
Mafia
First, secure client-to-client connections are established regardless of client-hub encryption.
Secondly, it is impossible to visually identify a hub that transmits or does not translate requests for secure connections.
Thirdly, today in almost all DC clients, encryption of connections is enabled by default.
Do you remember? Now let's checkTLS settings on the user side, connect to the hub and carefully try to connect clients to each other.
NMDCs hub
DC ++ categorically rejects secure connections on NMDC hubs, however, it fully favors conventional ones. The developers have voiced the reason more than once - there is nothing to walk on the old rake!
StrongDC ++ can only TLS v.1.0, and modern clients do not connect to it at all.
With GreylinkDC ++ still worse.
FlylinkDC ++ eagerly falls into compatibility mode. Is this for long and is it necessary at all? ..
EiskaltDC ++ does the same thing less willingly, only for its own needs.
Update from 10.24.2019
ADC hub (s)
Everything is exactly the same, but DC ++ is actively included in the game. Traffic encryption for it is possible only on ADC hubs.
EiskaltDC ++ does not seem to make a difference between NMDC and ADC hubs, strictly to both. Whether it is good or bad is up to you.
Update from 10.24.2019
So. And if you filter outdated clients by setting an obligatory requirement to support TLS v.1.2 as an input? ..
ADCs hub (s)
Comments, I think, are unnecessary.
Conclusions
For many historical and political reasons, using hub NMDCs as a base for secure inter-client connections is difficult or even impossible. Using NMDCs hub, you with a guarantee lose the ability to connect with some users, and in return get security - but without guarantees.
Recommendations
Start using ADC hubs, at least in advance. Refuse obsolete clients and, if you are the admin of the DC hub, ban Strong and Gray from yourself. For
Every kingdom, divided in itself, will be deserted; and every city or house divided in itself will not stand.Matt. 12:25