if nc == nil {
return
}
- c, err = cl.handshakesConnection(nc, t, !cl.config.DisableEncryption, utp)
+ encryptFirst := !cl.config.DisableEncryption && !cl.config.PreferNoEncryption
+ c, err = cl.handshakesConnection(nc, t, encryptFirst, utp)
if err != nil {
nc.Close()
return
return
}
nc.Close()
- if cl.config.DisableEncryption {
- // We already tried without encryption.
+ if cl.config.DisableEncryption || cl.config.ForceEncryption {
+ // There's no alternate encryption case to try.
return
}
- // Try again without encryption, using whichever protocol type worked last
- // time.
+ // Try again with encryption if we didn't earlier, or without if we did,
+ // using whichever protocol type worked last time.
if utp {
nc, err = cl.dialUTP(addr, t)
} else {
err = fmt.Errorf("error dialing for unencrypted connection: %s", err)
return
}
- c, err = cl.handshakesConnection(nc, t, false, utp)
+ c, err = cl.handshakesConnection(nc, t, !encryptFirst, utp)
if err != nil || c == nil {
nc.Close()
}
return
}
}
+ if cl.config.ForceEncryption && !c.encrypted {
+ err = errors.New("connection not encrypted")
+ return
+ }
ih, ok, err := cl.connBTHandshake(c, nil)
if err != nil {
err = fmt.Errorf("error during bt handshake: %s", err)
// Called to instantiate storage for each added torrent. Builtin backends
// are in the storage package. If not set, the "file" implementation is
// used.
- DefaultStorage storage.ClientImpl
- DisableEncryption bool `long:"disable-encryption"`
+ DefaultStorage storage.ClientImpl
+
+ DisableEncryption bool `long:"disable-encryption"`
+ ForceEncryption bool // Don't allow unobfuscated connections.
+ PreferNoEncryption bool
IPBlocklist iplist.Ranger
DisableIPv6 bool `long:"disable-ipv6"`