Goralf

TSL

25 posts in this topic

Some kind of security implementation obviously, but what exactly is it intended to do? Is this feature only in StrongDC++ based clients or in others as well?

Are there malicious hubs out there we need to be protected from?


It's for ADC hubs that support it (adcs://), which technically means it's no use on 99,9% of the hubs, for now...


Thank you for your answers so far...

So it is used for ADC hubs... but what is the point of it?


Thank you for your answers so far...

So it is used for ADC hubs... but what is the point of it?

It's used to encrypt connections and transfers, but as ADC is still a draft this feature can be considered an experimental, "in the works" kind of feature...


From what I have been able to glean about TLS, its idea is to work with encrypted segments for files, and it creates certificates for the keys; this way both sides can decrypt the segments when they get to the other end. But at the moment it's NOT a standard, as the data is not encrypted by most clients or hubsofts. But with the migration to ADC, this is a possibility. Will be interesting to see how it does. However, I also think it will bring unwanted attention to DCC because it shows a deliberate attempt to "Hide" something from officials or other entities.. That's why most are being shut down.. they brought it on themselves by trying to deliberately hide things.. best way to hide something, is to put it right in front of their faces..


best way to hide something, is to put it right in front of their faces..

So true... so true. :ermm:


Is it TSL or TLS?

Let's turn this into a bonafide [albeit nit-pickin'] bug report. At the top of the Security Settings dialog box it says "TSL." All other references I've seen say "TLS." Either way, I still have no idea what it stands for or why it needs a TCP/UDP port of its own.

And while we're reporting nit-pickin' spelling errors... The message during list generation that begins "User has choosen not to share..." drives me absolutely nuts (like fingernails on a blackboard) every time I see it. That is obviously a transplant from PWDCC. Would somebody PLEASE fix it before it perpetuates any further?


Is it TSL or TLS?

Let's turn this into a bonafide [albeit nit-pickin'] bug report. At the top of the Security Settings dialog box it says "TSL." All other references I've seen say "TLS." Either way, I still have no idea what it stands for or why it needs a TCP/UDP port of its own.

Sorry, my mistake :D

And while we're reporting nit-pickin' spelling errors... The message during list generation that begins "User has choosen not to share..." drives me absolutely nuts (like fingernails on a blackboard) every time I see it. That is obviously a transplant from PWDCC. Would somebody PLEASE fix it before it perpetuates any further?

Heh, it's just a spelling error, why does it annoy you so much?


Is it TSL or TLS?

Let's turn this into a bonafide [albeit nit-pickin'] bug report. At the top of the Security Settings dialog box it says "TSL." All other references I've seen say "TLS." Either way, I still have no idea what it stands for or why it needs a TCP/UDP port of its own.

And while we're reporting nit-pickin' spelling errors... The message during list generation that begins "User has choosen not to share..." drives me absolutely nuts (like fingernails on a blackboard) every time I see it. That is obviously a transplant from PWDCC. Would somebody PLEASE fix it before it perpetuates any further?

If you don't know by now, the majority of DC++ mod authors' language is not English. :D


If you don't know by now, the majority of DC++ mod authors' language is not English. :)

Yes, I know.... meant no offense. :D


6.4.1 Introduction

Secure ADC connections can be established using a TLS tunnel, both for hub and for client connections. Certificates can be used to authenticate both hub and user, for example by making the hub the root CA, and only allow clients signed by the hub to connect. Ephemeral keys should be used to ensure forward secrecy when possible.

6.4.2 Client-Hub encryption

TLS client-hub connections can be initiated either by negotiating the feature “ADCS” on connection or by using the protocol adcs:// when initiating the connection. Hubs can choose to request a certificate for the user on login, and use this certificate to replace password-based login.

6.4.3 Client-Client encryption

TLS client-client connections can be established either by negotiating the feature “ADCS” on connection or by specifying “ADCS/1.0” in the CTM protocol field. Clients supporting encrypted connections must indicate this in the INF SU field with “ADCS”.

This basically means that connections between you and the hub you are in will be encrypted and that file transfers will be encrypted (assuming both parties support it). However, the connection is only secure if you 'Trust' the person/hub you are connected to.

Edit: just wanted to say that this is a very early draft. It could and most likely will change quite a bit.

Edited by balder
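
The client-client rules quoted from the draft above, as an added example that is not part of the original post or of any DC++ client's code: it reads the SU field of a peer's INF and the protocol field of its CTM and decides whether the transfer should run over TLS. The message layout, the plaintext token "ADC/1.0", the strict reject policy and all sample lines are assumptions made for illustration.

```python
# Added example. Assumptions: ADC line layout (4-char type+command, SIDs, then
# space-separated parameters) and "ADC/1.0" as the plaintext CTM protocol token.

def inf_features(line):
    """Features a peer advertises in the SU field of its INF line."""
    parts = line.strip().split(" ")
    if len(parts[0]) != 4 or parts[0][1:] != "INF":
        raise ValueError("not an INF message")
    for field in parts[2:]:                  # parts[1] is the sender SID
        if field.startswith("SU"):
            return {f for f in field[2:].split(",") if f}
    return set()


def ctm_protocol(line):
    """Protocol field of a direct CTM: DCTM <from> <to> <proto> <port> <token>."""
    parts = line.strip().split(" ")
    if len(parts) != 6 or parts[0][1:] != "CTM":
        raise ValueError("not a well-formed CTM message")
    return parts[3]


def decide(inf_line, ctm_line, require_tls=False):
    """Return (action, reason) for an incoming connect-to-me request."""
    advertised = "ADCS" in inf_features(inf_line)
    proto = ctm_protocol(ctm_line)
    if proto == "ADCS/1.0":
        if not advertised:                   # draft: support must be in INF SU
            return ("reject", "CTM asks for TLS but INF SU lacks ADCS")
        return ("tls", "INF and CTM agree on ADCS")
    if proto != "ADC/1.0":
        return ("reject", "unknown protocol " + proto)
    if require_tls:
        return ("reject", "local policy requires ADCS/1.0")
    if advertised:                           # possible downgrade, worth logging
        return ("plaintext-flagged", "peer advertises ADCS but asked for plaintext")
    return ("plaintext", "peer does not support ADCS")


# Constructed sample lines (SIDs, nick, port and tokens are made up).
INF_TLS = "BINF AAAB NIalice SUTCP4,ADCS"
INF_PLAIN = "BINF AAAB NIalice SUTCP4"
CTM_TLS = "DCTM AAAB AAAA ADCS/1.0 3000 tok1"
CTM_PLAIN = "DCTM AAAB AAAA ADC/1.0 3000 tok2"

if __name__ == "__main__":
    for inf, ctm in [(INF_TLS, CTM_TLS), (INF_TLS, CTM_PLAIN), (INF_PLAIN, CTM_TLS)]:
        print(decide(inf, ctm))
```

The "plaintext-flagged" result marks the case where a peer that advertises ADCS still asks for an unencrypted transfer, which is where a client that wants encryption would log or refuse rather than silently fall back.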


Edit: just wanted to say that this is a very early draft. It could and most likely will change quite a bit.

I just don't see why they've put it in the client so early.. Hardly anyone will use it.


I just don't see why they've put it in the client so early.. Hardly anyone will use it.

The only thing I can think of is to bring it onto the radar of hub owners, i.e. PKI is coming, get ready.


Would be nice to have an explanation of what generate certificate button does.

I seem to get an error message, "the system cannot find the file specified"

What file is it looking for, as I have created a key and certificate myself using ssft.exe following instructions on this site, http://ullner.blogspot.com/2006/03/creatin...es-for-ssl.html

I have no way of testing secure ADC chat/file transfer unfortunately. An extension to the connection test would be great for checking SSL/TLS is set up properly.


Balder,

In your post earlier in the thread you give a link to a secure ADC hub dcdev.

Your link begins with sadc://; it would appear that this should be adcs://

adcs://dcdev.no-ip.org:16591

But even this isn't working for me and I think I have created the keys properly.


You don't any more. With Yassl and Taocrypt that was needed. Since OpenSSL has been included in the source it's not needed. :)


The filelist transfer in TSL mode doesn't seem to work well, sometimes lists are loaded, sometimes not. I'm afraid I can't be more specific than that but it seems to be a problem of all the latest batch of software based on 0.704.


You are sure that the "failing" peers have everything set up correctly?


youknowwho, do you get the same problems in DC++?
