And no one pours new wine into old wineskins; otherwise, the new wine will break through the wineskins and flow out by itself, and the wineskins will be lost; but new wine must be poured into new wineskins; then both will be saved. Lx 5:37,38
In April of this year, the administration of the world's largest DC hub announced the start of support for secure connections. Let's see what came of it.
Freedom of conscience
Because everything I thought about it has already been said , this part of the article should not have been at all.
If you need security, choose a modern client and . Point.
But what if you still use the NMDC hub, that is, normal? In this case, you will have to deal with the incompatibility of old, very old, new, or simply unconfigured DC clients. But - it was done, and the problems were not long in coming.
Mafia
First, secure client-client connections are established regardless of the presence of client-hub encryption.
Secondly, it is impossible to visually determine the hub that broadcasts or does not broadcast requests for secure connections.
Thirdly, today, in almost all DC clients, connection encryption is enabled by default.
Remember? Now let's TLS settings on the user side, connect to the hub and carefully try to connect clients to each other.
NMDCs hub
DC++ categorically refuses secure connections on NMDC hubs, however, it fully approves regular ones. The developers have voiced the reason more than once - there is nothing to walk on the old rake!
StrongDC++ only supports TLS v.1.0, and modern clients don't connect to it at all. GreylinkDC++ is even worse.
FlylinkDC++ willingly falls into legacy client compatibility mode. Is it for a long time and is it necessary at all? ..
EiskaltDC++ does the same less willingly, only for its own needs.
ADC hub(s)
Everything is exactly the same, but DC ++ is actively included in the game.
EiskaltDC++ doesn't seem to make a difference between NMDC and ADC hubs, being strict on both.
And if you filter out outdated clients by setting the mandatory requirement to support TLS v.1.2 as an input? ..
ADCs hub(s)
Great, isn't it?
Conclusions
It may seem to the reader that it is best to use FlylinkDC++ and not have problems, but you forget that this client by itself. One of the last incidents with it that I know of is that many users did not check the checkboxes for supporting secure connections with the help of a remote config and the actual absence of them in all its earlier versions.
As a result, due to many historical and political reasons, the use of NMDCs hubs as a base for secure inter-client connections is difficult or even impossible. Using the NMDCs hub, you are guaranteed to lose the ability to connect with some users, and in return you get security - but without guarantees.
Recommendations
Start using ADC hubs, even if it's upfront. Refuse outdated clients and, if you are a DC hub admin, ban Strong and Gray. For
Every kingdom divided against itself will be desolate; and every city or house divided against itself shall not stand. Matt. 12: 25
Source: habr.com