-
Notifications
You must be signed in to change notification settings - Fork 1.1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Allow protocol encryption in offline mode #3749
base: master
Are you sure you want to change the base?
Conversation
You probably don't have a way to disable encrypting for online players, right? 😎 It eats the most resources from the server. |
No, the authentication requires the encryption packets to be sent to exchange keys and shared secret. Authentication is started by the Encryption Request packet. |
Given there's no authentication, what benefit does this provide? |
It makes it somewhat more difficult for a bad actor to read/modify your game packets because it would require a man-in-the-middle attack instead of reading outgoing network traffic. This was more of a test I used while figuring out how the client-side encryption works and I thought it might be useful to have as a feature in BungeeCord, but I understand if it's not something you think BungeeCord needs. |
It makes the tablist have playerheads, could be cool for some offline mode servers to have these. I did a similar pr to this before. But i think api would be better than a config. |
maybe we should also support backend encryption, the backend could in theory have encryption enabled in offline mode. (Encryption packet does not mean online mode anymore, like in the current impl of the ServerConnector) @md-5 whats your opinion? |
Encryption of the connection of bungee and spigot servers is a cpu burden without ANY benefit. |
i am aware of that, it should be the server administrators decision to enable it. |
Adding options for the sake of options is just a (maintenance) burden. As I already stated in the other topic about encryption, offline-mode encryption allows mitm attack vector. So adding this option would at most give a false sense of confidentiality of the connection to bungeecord users when there is none guaranteed. |
offline-mode without encryption also allows mitm attack vector. also encrypted offline mode is in fact more confidential then no encryption |
also in fact there are benefits, the client do render the player head in tablist only with encryption enabled |
Thats for bungee - client, NOT for bungee - server |
thats right for bungee - server, |
in my opinion supporting network features is never (maintenance) burden. |
Snapshot 24w03a for version 1.20.5 added support for protocol encryption for offline-mode servers. This adds support for encrypting player connections if the proxy is in offline mode and the client is new enough.