TSL

[Goralf 0]

Some kind of security implementation obviously, but what exactly is it intended to do? Is this feature only in StrongDC++ based clients or in others as well?

Are there malicious hubs out there we need to be protected from?

[Exergy 0]

I also would like to know this, if anyone knows the answer, thanks :)

[Crise 26]

It's for ADC hubs that support it (adcs://), which technically means it's no use on 99,9% of the hubs, for now...

[balder 1]

use dcdev hub (secure vertion) to test. (i think please correct if wrong)

Edited August 5, 2006 by balder

[Goralf 0]

Thank you for your answers so far...

So it is used for ADC hubs... but what is the point of it?

[Crise 26]

Thank you for your answers so far...

So it is used for ADC hubs... but what is the point of it?

It's used to encrypt connections and transfers, but as ADC is still a draft this feature can be considered experimental and "in works" kind of feature...

[Goralf 0]

Thnxs Crise. Sounds like a good idea.

[Sidetrack 0]

From what I have been able to gleem about TLS is its idea is the work with encrypted segments for files, and creates certificates for the keys, this way both sides can decrypt the segments when it gets to the other end but at the moment its NOT a standard as the data is not encrypted by most clients or hubsofts. but with the miagration to ADC, this is a possiblity. will be interesting to see how it does. however, I also think it will bring unwanted attention to DCC because it shows a deliberate attempt to "Hide" something from officials or other entities.. Thats why most are being shut down.. they brought it on themselves by trying to deliberately hide things.. best way to hide something, is to put it right in front of their faces..

[Crise 26]

best way to hide something, is to put it right in front of their faces..

So true... so true. :ermm:

[gadasch 0]

Is it TSL or TLS?

Let's turn this into a bonafide [albeit nit-pickin'] bug report. At the top of the Security Settings dialog box it says "TSL." All other references I've seen say "TLS." Either way, I still have no idea what it stands for or why it needs a TCP/UDP port of its own.

And while we're reporting nit-pickin' spelling errors... The message during list generation that begins "User has choosen not to share..." drives me absolutely nuts (like fingernails on a blackboard) every time I see it. That is obviously a transplant from PWDCC. Would somebody PLEASE fix it before it perpetuates any further?

[Crise 26]

Is it TSL or TLS?

Let's turn this into a bonafide [albeit nit-pickin'] bug report. At the top of the Security Settings dialog box it says "TSL." All other references I've seen say "TLS." Either way, I still have no idea what it stands for or why it needs a TCP/UDP port of its own.

Sorry, my mistake

And while we're reporting nit-pickin' spelling errors... The message during list generation that begins "User has choosen not to share..." drives me absolutely nuts (like fingernails on a blackboard) every time I see it. That is obviously a transplant from PWDCC. Would somebody PLEASE fix it before it perpetuates any further?

Heh, it's just a spelling error, why it annoys you so much?

[Lee 84]

Is it TSL or TLS?

Let's turn this into a bonafide [albeit nit-pickin'] bug report. At the top of the Security Settings dialog box it says "TSL." All other references I've seen say "TLS." Either way, I still have no idea what it stands for or why it needs a TCP/UDP port of its own.

And while we're reporting nit-pickin' spelling errors... The message during list generation that begins "User has choosen not to share..." drives me absolutely nuts (like fingernails on a blackboard) every time I see it. That is obviously a transplant from PWDCC. Would somebody PLEASE fix it before it perpetuates any further?

If you don't know by now, the majority of DC++ mod author's language is not English. :D

[gadasch 0]

If you don't know by now, the majority of DC++ mod author's language is not English.

Yes, I know.... meant no offense. :D

[balder 1]

6.4.1Introduction

Secure ADC connections can be established using a TLS tunnel, both for hub and for client connections. Certificates can be used to authenticate both hub and user, for example by making the hub the root CA, and only allow clients signed by the hub to connect. Ephemeral keys should be use to ensure forward secrecy when possible.

6.4.2Client-Hub encryption

TLS client-hub connections can be initiated either by negotiating the feature “ADCS” on connection or by using the protocol adcs:// when initiating the connection. Hubs can choose to request a certificate for the user on login, and use this certificate to replace password-based login.

6.4.3Client-Client encryption

TLS client-client connections can be established either by negotiating the feature “ADCS” on connection or by specifying “ADCS/1.0” in the CTM protocol field. Clients supporting encrypted connections must indicate this in the INF SU field with “ADCS”

this basicly means that connectios between you and the hub you are in will be encryptid and that file transfers be enrypted (assuming both parties support it). however the connection is only secure if you 'Trust' the person/hub you are connected too.

Edit: just wanted to say that this is a very early draft. It could and most likly will change quite a bit.

Edited August 13, 2006 by balder

[Lee 84]

Edit: just wanted to say that this is a very early draft. It could and most likly will change quite a bit.

I just don't see why they've put it in the client so early.. Hardly anyone will use it.

[balder 1]

I just don't see why they've put it in the client so early.. Hardly anyone will use it.

the only thing i can think of is to bring it onto the radar of hub owners i.e. pki is comming, get ready

[Artful 0]

Would be nice to have an explanation of what generate certificate button does.

I seem to get error message, "the system cannot find the file specified"

What file is it looking for, as I have created a key and certificate myself using ssft.exe following instructions on this site, http://ullner.blogspot.com/2006/03/creatin...es-for-ssl.html

I have no way of testing secure ADC chat/file transfer unfortunately. An extension to the connection test would be great for checking SSL/TLS is set up properly.

[Artful 0]

Balder,

In your post earlier in the thread you give a link to a secure ADC hub dcdev.

Your link begins with sadc:// it would appear that this should be adcs://

adcs://dcdev.no-ip.org:16591

But even this isn't working for me and I think I have created the keys properly

[SatansEvilTwin 0]

Artful said:

 

 

Edited July 2, 2017 by SatansEvilTwin

[Satan 1]

AFAIK if the hub software supports ADC it will automatically work.

[Rustinov 0]

Don't forget under Windows and before using TLS U must install the win32 layer to be recognized.

Here ==> http://www.slproweb.com/products/Win32OpenSSL.html

[Pothead 0]

You don't any more. With Yassl and Taocrypt that was needed. Since OpenSSL been included in the source it's not needed. :)

[YouKnowWho 0]

The filelist transfer in TSL mode doesn't seem to work well, sometimes lists are loaded, sometimes not. I'm afraid I can't be more specific than that but it seems to be a problem of all the latest batch of software based on 0.704.

[Zlobomir 3]

You are sure that the "failing" peers have everything set up correctly?

[balder 1]

youknowwho do you get the same problems in dc++.