[GH-ISSUE #4053] is global encryption working? #3210

New issue

Closed

opened 2026-05-05 14:04:27 -06:00 by gitea-mirror · 9 comments

gitea-mirror commented 2026-05-05 14:04:27 -06:00

Owner

Copy link

Originally created by @eleaner on GitHub (Mar 11, 2024).
Original GitHub issue: https://github.com/fatedier/frp/issues/4053

Bug Description

From version 0.50 tls encryption should be globally on by default
it is not specifically called in the server config file (still frps.ini format)
encryption is also not mentioned in the client config

but the dashboard reports encryption=false

does it mean that my frp communicates all in cleartext?
I did not generate certificates. do I have to do it specifically?

frpc Version

0.54.0

frps Version

0.52.3

System Architecture

linux/amd64

Configurations

frps.ini

[common]
bind_addr = 0.0.0.0
bind_port = 7000
bind_udp_port = 7001
kcp_bind_port = 7000
vhost_http_port = 80
vhost_https_port = 443
dashboard_addr = 0.0.0.0
dashboard_port = 7500
dashboard_user = admin
dashboard_pwd = admin
log_level = info
log_max_days = 3
disable_log_color = false
token = xxx
allow_ports = 2000-3000,4000
max_ports_per_client = 0
subdomain_host = frps.com
tcp_mux = true

frpc.toml

user = "user"
serverAddr = "frps.tld"
serverPort = 7000
auth.method = "token"
auth.token = xxx

[[proxies]]
name= "nextcloud"
type = "http"
localIP = "172.16.0.175"
localPort = 8000
subdomain = "nextcloud"
customDomains = ["nextcloud.tld"]

Logs

none

Steps to reproduce

...

Affected area

• Docs
• Installation
• Performance and Scalability
• Security
• User Experience
• Test and Release
• Developer Infrastructure
• Client Plugin
• Server Plugin
• Extensions
• Others

Originally created by @eleaner on GitHub (Mar 11, 2024). Original GitHub issue: https://github.com/fatedier/frp/issues/4053 ### Bug Description From version 0.50 tls encryption should be globally on by default it is not specifically called in the server config file (still frps.ini format) encryption is also not mentioned in the client config but the dashboard reports encryption=false does it mean that my frp communicates all in cleartext? I did not generate certificates. do I have to do it specifically? ### frpc Version 0.54.0 ### frps Version 0.52.3 ### System Architecture linux/amd64 ### Configurations frps.ini ``` [common] bind_addr = 0.0.0.0 bind_port = 7000 bind_udp_port = 7001 kcp_bind_port = 7000 vhost_http_port = 80 vhost_https_port = 443 dashboard_addr = 0.0.0.0 dashboard_port = 7500 dashboard_user = admin dashboard_pwd = admin log_level = info log_max_days = 3 disable_log_color = false token = xxx allow_ports = 2000-3000,4000 max_ports_per_client = 0 subdomain_host = frps.com tcp_mux = true ``` frpc.toml ``` user = "user" serverAddr = "frps.tld" serverPort = 7000 auth.method = "token" auth.token = xxx [[proxies]] name= "nextcloud" type = "http" localIP = "172.16.0.175" localPort = 8000 subdomain = "nextcloud" customDomains = ["nextcloud.tld"] ``` ### Logs none ### Steps to reproduce 1. 2. 3. ... ### Affected area - [ ] Docs - [ ] Installation - [ ] Performance and Scalability - [X] Security - [ ] User Experience - [ ] Test and Release - [ ] Developer Infrastructure - [ ] Client Plugin - [ ] Server Plugin - [ ] Extensions - [ ] Others

gitea-mirror 2026-05-05 14:04:27 -06:00

• closed this issue
• added the
  lifecycle/stale
  label

gitea-mirror commented 2026-05-05 14:04:30 -06:00

Author

Owner

Copy link

@fatedier commented on GitHub (Mar 12, 2024):

You can use packet capturing to confirm whether the traffic is encrypted.

<!-- gh-comment-id:1989866025 --> @fatedier commented on GitHub (Mar 12, 2024): You can use packet capturing to confirm whether the traffic is encrypted.

gitea-mirror commented 2026-05-05 14:04:31 -06:00

Author

Owner

Copy link

@eleaner commented on GitHub (Mar 12, 2024):

I am not sure I know how to do it,
but should it be encrypted?
and why the dashboard say false?

<!-- gh-comment-id:1990993829 --> @eleaner commented on GitHub (Mar 12, 2024): I am not sure I know how to do it, but should it be encrypted? and why the dashboard say false?

gitea-mirror commented 2026-05-05 14:04:32 -06:00

Author

Owner

Copy link

@eleaner commented on GitHub (Mar 12, 2024):

@fatedier
Ok, so I generated all the keys and certificates, set them up on the server, forced encryption, and set them up on the client.
Proxies are connected but the dashboard still says encryption = false.
I tried to set transport.useEncryption but the option does not seem to be recognised for http proxies. An example toml has it only on ssh.

• does transport.useEncryption work with http?
• does the dashboard show the actual encryption or just indicate that the flag is set?

<!-- gh-comment-id:1991239133 --> @eleaner commented on GitHub (Mar 12, 2024): @fatedier Ok, so I generated all the keys and certificates, set them up on the server, forced encryption, and set them up on the client. Proxies are connected but the dashboard still says encryption = false. I tried to set `transport.useEncryption` but the option does not seem to be recognised for http proxies. An example toml has it only on ssh. - does `transport.useEncryption` work with http? - does the dashboard show the actual encryption or just indicate that the flag is set?

gitea-mirror commented 2026-05-05 14:04:32 -06:00

Author

Owner

Copy link

@xqzr commented on GitHub (Mar 12, 2024):

https://gofrp.org/zh-cn/docs/features/common/network/network/#%E5%8A%A0%E5%AF%86%E4%B8%8E%E5%8E%8B%E7%BC%A9

<!-- gh-comment-id:1991245780 --> @xqzr commented on GitHub (Mar 12, 2024): https://gofrp.org/zh-cn/docs/features/common/network/network/#%E5%8A%A0%E5%AF%86%E4%B8%8E%E5%8E%8B%E7%BC%A9

gitea-mirror commented 2026-05-05 14:04:33 -06:00

Author

Owner

Copy link

@eleaner commented on GitHub (Mar 12, 2024):

@xqzr
Thank you, but I don't think it clearly answers my quesitons

<!-- gh-comment-id:1991281226 --> @eleaner commented on GitHub (Mar 12, 2024): @xqzr Thank you, but I don't think it clearly answers my quesitons

gitea-mirror commented 2026-05-05 14:04:34 -06:00

Author

Owner

Copy link

@github-actions[bot] commented on GitHub (Apr 3, 2024):

Issues go stale after 21d of inactivity. Stale issues rot after an additional 7d of inactivity and eventually close.

<!-- gh-comment-id:2033338158 --> @github-actions[bot] commented on GitHub (Apr 3, 2024): Issues go stale after 21d of inactivity. Stale issues rot after an additional 7d of inactivity and eventually close.

gitea-mirror commented 2026-05-05 14:04:35 -06:00

Author

Owner

Copy link

@eleaner commented on GitHub (Apr 3, 2024):

I did not know how to check it so I generated certificates to be 100% sure
my traffic is encrypted

On Wed, 3 Apr 2024 at 01:34, notifications at github.com <
@.***> wrote:

Issues go stale after 21d of inactivity. Stale issues rot after an
additional 7d of inactivity and eventually close.

—
Reply to this email directly, view it on GitHub
https://github.com/fatedier/frp/issues/4053#issuecomment-2033338158, or
unsubscribe
https://github.com/notifications/unsubscribe-auth/ABHOAM5GJSUZR3TUHJBHB53Y3NE75AVCNFSM6AAAAABERGQRQGVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDAMZTGMZTQMJVHA
.
You are receiving this because you authored the thread.Message ID:
@.***>

<!-- gh-comment-id:2034218520 --> @eleaner commented on GitHub (Apr 3, 2024): I did not know how to check it so I generated certificates to be 100% sure my traffic is encrypted On Wed, 3 Apr 2024 at 01:34, notifications at github.com < ***@***.***> wrote: > Issues go stale after 21d of inactivity. Stale issues rot after an > additional 7d of inactivity and eventually close. > > — > Reply to this email directly, view it on GitHub > <https://github.com/fatedier/frp/issues/4053#issuecomment-2033338158>, or > unsubscribe > <https://github.com/notifications/unsubscribe-auth/ABHOAM5GJSUZR3TUHJBHB53Y3NE75AVCNFSM6AAAAABERGQRQGVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDAMZTGMZTQMJVHA> > . > You are receiving this because you authored the thread.Message ID: > ***@***.***> >

gitea-mirror commented 2026-05-05 14:04:35 -06:00

Author

Owner

Copy link

@xqzr commented on GitHub (Apr 3, 2024):

I did not know how to check it so I generated certificates to be 100% sure my traffic is encrypted
…
On Wed, 3 Apr 2024 at 01:34, notifications at github.com < @.> wrote: Issues go stale after 21d of inactivity. Stale issues rot after an additional 7d of inactivity and eventually close. — Reply to this email directly, view it on GitHub <#4053 (comment)>, or unsubscribe https://github.com/notifications/unsubscribe-auth/ABHOAM5GJSUZR3TUHJBHB53Y3NE75AVCNFSM6AAAAABERGQRQGVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDAMZTGMZTQMJVHA . You are receiving this because you authored the thread.Message ID: @.>

590ccda677/conf/frps_full_example.toml (L44)

<!-- gh-comment-id:2034528981 --> @xqzr commented on GitHub (Apr 3, 2024): > I did not know how to check it so I generated certificates to be 100% sure my traffic is encrypted > […](#) > On Wed, 3 Apr 2024 at 01:34, notifications at github.com < ***@***.***> wrote: Issues go stale after 21d of inactivity. Stale issues rot after an additional 7d of inactivity and eventually close. — Reply to this email directly, view it on GitHub <[#4053 (comment)](https://github.com/fatedier/frp/issues/4053#issuecomment-2033338158)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/ABHOAM5GJSUZR3TUHJBHB53Y3NE75AVCNFSM6AAAAABERGQRQGVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDAMZTGMZTQMJVHA> . You are receiving this because you authored the thread.Message ID: ***@***.***> https://github.com/fatedier/frp/blob/590ccda677afef39763e225fb777c3b2bf0ef4c7/conf/frps_full_example.toml#L44

gitea-mirror commented 2026-05-05 14:04:36 -06:00

Author

Owner

Copy link

@github-actions[bot] commented on GitHub (Apr 25, 2024):

Issues go stale after 21d of inactivity. Stale issues rot after an additional 7d of inactivity and eventually close.

<!-- gh-comment-id:2076102701 --> @github-actions[bot] commented on GitHub (Apr 25, 2024): Issues go stale after 21d of inactivity. Stale issues rot after an additional 7d of inactivity and eventually close.

Sign in to join this conversation.

No Branch/Tag specified

Branches Tags

dev

new

master

copilot/review-pull-request-5198

v0.68.1

v0.68.0

v0.67.0

v0.66.0

v0.65.0

v0.64.0

v0.63.0

v0.62.1

v0.62.0

v0.61.2

v0.61.1

v0.61.0

v0.60.0

v0.59.0

v0.58.1

v0.58.0

v0.57.0

v0.56.0

v0.55.1

v0.55.0

v0.54.0

v0.53.2

v0.53.1

v0.53.0

v0.52.3

v0.52.2

v0.52.1

v0.52.0

v0.51.3

v0.51.2

v0.51.1

v0.51.0

v0.50.0

v0.49.0

v0.48.0

v0.47.0

v0.46.1

v0.46.0

v0.45.0

v0.44.0

v0.43.0

v0.42.0

v0.41.0

v0.40.0

v0.39.1

v0.39.0

v0.38.0

v0.37.1

v0.37.0

v0.36.2

v0.36.1

v0.36.0

v0.35.1

v0.35.0

v0.34.3

v0.34.2

v0.34.1

v0.34.0

v0.33.0

v0.32.1

v0.32.0

v0.31.2

v0.31.1

v0.31.0

v0.30.0

v0.29.1

v0.29.0

v0.28.2

v0.28.1

v0.28.0

v0.27.1

v0.27.0

v0.26.0

v0.25.3

v0.25.2

v0.25.1

v0.25.0

v0.24.1

v0.24.0

v0.23.3

v0.23.2

v0.23.1

v0.23.0

v0.22.0

v0.21.0

v0.20.0

v0.19.1

v0.19.0

v0.18.0

v0.17.0

v0.16.1

v0.16.0

v0.15.1

v0.15.0

v0.14.1

v0.14.0

v0.13.0

v0.12.0

v0.11.0

v0.10.0

v0.9.3

v0.9.2

v0.9.1

v0.9.0

v0.8.1

v0.8.0

v0.7.0

v0.6.0

v0.5.0

v0.3.0

v0.2.0

v0.1.0

Labels

Clear labels   

In Progress

  

WIP

  

WaitingForInfo

  

bug

  

doc

  

duplicate

  

easy

  

enhancement

  

future

  

help wanted

  

invalid

  

lifecycle/stale

  

need-issue-template

  

need-usage-help

  

no plan

  

proposal

  

pull-request

Mirrored from GitHub Pull Request

  

question

  

todo

No labels

In Progress

WIP

WaitingForInfo

bug

doc

duplicate

easy

enhancement

future

help wanted

invalid

lifecycle/stale

need-issue-template

need-usage-help

no plan

proposal

pull-request

question

todo

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: github-starred/frp#3210

No description provided.