fatedier / frp

A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.
Apache License 2.0

is global encryption working? #4053

Closed eleaner closed 5 months ago

eleaner commented 7 months ago

Bug Description

From version 0.50, TLS encryption should be globally on by default. It is not specifically called in the server config file (still frps.ini format). Encryption is also not mentioned in the client config,

but the dashboard reports encryption=false.

Does it mean that my frp communicates all in cleartext? I did not generate certificates. Do I have to do it specifically?

frpc Version

0.54.0

frps Version

0.52.3

System Architecture

linux/amd64

Configurations

frps.ini

[common]
bind_addr = 0.0.0.0
bind_port = 7000
bind_udp_port = 7001
kcp_bind_port = 7000
vhost_http_port = 80
vhost_https_port = 443
dashboard_addr = 0.0.0.0
dashboard_port = 7500
dashboard_user = admin
dashboard_pwd = admin
log_level = info
log_max_days = 3
disable_log_color = false
token = xxx
allow_ports = 2000-3000,4000
max_ports_per_client = 0
subdomain_host = frps.com
tcp_mux = true

frpc.toml

user = "user"
serverAddr = "frps.tld"
serverPort = 7000
auth.method = "token"
auth.token = "xxx"

[[proxies]]
name= "nextcloud"
type = "http"
localIP = "172.16.0.175"
localPort = 8000
subdomain = "nextcloud"
customDomains = ["nextcloud.tld"]

Logs

none

Steps to reproduce

  1. ...

Affected area

fatedier commented 7 months ago

You can use packet capturing to confirm whether the traffic is encrypted.
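
One way to carry out the packet-capture check suggested above, as an added example that is not part of the original thread or of frp's code: it inspects the first client-to-server payload bytes of a captured frpc connection and reports whether they form a TLS ClientHello. The sample payloads are constructed, and the `0x17` handling covers frp's optional custom first byte (sent when `transport.tls.disableCustomTLSFirstByte = false`).

```python
import struct

FRP_TLS_HEAD_BYTE = 0x17  # frp's optional one-byte prefix sent before the TLS handshake
TLS_HANDSHAKE = 0x16      # TLS record content type: handshake
CLIENT_HELLO = 0x01       # TLS handshake message type: ClientHello


def classify_first_payload(data: bytes) -> str:
    """Classify the first frpc -> frps payload bytes taken from a capture.

    Returns "tls", "tls-with-frp-prefix", "not-tls" or "too-short".
    """
    suffix = ""
    # With the custom first byte enabled, frpc sends 0x17 and then a normal ClientHello.
    if len(data) >= 2 and data[0] == FRP_TLS_HEAD_BYTE and data[1] == TLS_HANDSHAKE:
        data, suffix = data[1:], "-with-frp-prefix"
    if len(data) < 9:
        return "too-short"  # need 5-byte record header + 4-byte handshake header
    ctype, major, minor, rec_len = struct.unpack("!BBBH", data[:5])
    hs_type = data[5]
    hs_len = int.from_bytes(data[6:9], "big")
    looks_like_tls = (
        ctype == TLS_HANDSHAKE
        and major == 3 and minor <= 4   # record versions SSL 3.0 through TLS 1.3
        and 4 <= rec_len <= 2 ** 14     # record payload size limit
        and hs_type == CLIENT_HELLO
        and hs_len >= 34                # at least client version + 32-byte random
    )
    return "tls" + suffix if looks_like_tls else "not-tls"


def constructed_client_hello() -> bytes:
    """Build a minimal, constructed ClientHello record (not taken from real traffic)."""
    body = b"\x03\x03" + bytes(32) + b"\x00" + b"\x00\x02\x13\x01" + b"\x01\x00"
    handshake = bytes([CLIENT_HELLO]) + len(body).to_bytes(3, "big") + body
    return struct.pack("!BBBH", TLS_HANDSHAKE, 3, 1, len(handshake)) + handshake


if __name__ == "__main__":
    samples = {  # all constructed sample payloads
        "plain ClientHello": constructed_client_hello(),
        "0x17 + ClientHello": bytes([FRP_TLS_HEAD_BYTE]) + constructed_client_hello(),
        "readable JSON": b'{"version":"0.54.0","user":"user"}',
    }
    for label, payload in samples.items():
        print(f"{label}: {classify_first_payload(payload)}")
```

Feed it the first payload the client sends to the frps bind port (7000 in the configuration above), copied as bytes from the capture tool.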

eleaner commented 7 months ago

I am not sure I know how to do it, but should it be encrypted? And why does the dashboard say false?

eleaner commented 7 months ago

@fatedier Ok, so I generated all the keys and certificates, set them up on the server, forced encryption, and set them up on the client. Proxies are connected but the dashboard still says encryption = false. I tried to set transport.useEncryption but the option does not seem to be recognised for http proxies. An example toml has it only on ssh.

xqzr commented 7 months ago

https://gofrp.org/zh-cn/docs/features/common/network/network/#%E5%8A%A0%E5%AF%86%E4%B8%8E%E5%8E%8B%E7%BC%A9

eleaner commented 7 months ago

@xqzr Thank you, but I don't think it clearly answers my questions.

github-actions[bot] commented 6 months ago

Issues go stale after 21d of inactivity. Stale issues rot after an additional 7d of inactivity and eventually close.

eleaner commented 6 months ago

I did not know how to check it, so I generated certificates to be 100% sure my traffic is encrypted.


xqzr commented 6 months ago

> I did not know how to check it so I generated certificates to be 100% sure my traffic is encrypted

https://github.com/fatedier/frp/blob/590ccda677afef39763e225fb777c3b2bf0ef4c7/conf/frps_full_example.toml#L44

github-actions[bot] commented 6 months ago

Issues go stale after 21d of inactivity. Stale issues rot after an additional 7d of inactivity and eventually close.