diff --git a/apps/socketoptions.hpp b/apps/socketoptions.hpp index 24a267dca..8b0f14b4e 100644 --- a/apps/socketoptions.hpp +++ b/apps/socketoptions.hpp @@ -231,7 +231,7 @@ const SocketOption srt_options [] { { "payloadsize", 0, SRTO_PAYLOADSIZE, SocketOption::PRE, SocketOption::INT, nullptr}, { "kmrefreshrate", 0, SRTO_KMREFRESHRATE, SocketOption::PRE, SocketOption::INT, nullptr }, { "kmpreannounce", 0, SRTO_KMPREANNOUNCE, SocketOption::PRE, SocketOption::INT, nullptr }, - { "strictenc", 0, SRTO_STRICTENC, SocketOption::PRE, SocketOption::BOOL, nullptr }, + { "enforcedencryption", 0, SRTO_ENFORCEDENCRYPTION, SocketOption::PRE, SocketOption::BOOL, nullptr }, { "peeridletimeo", 0, SRTO_PEERIDLETIMEO, SocketOption::PRE, SocketOption::INT, nullptr }, { "packetfilter", 0, SRTO_PACKETFILTER, SocketOption::PRE, SocketOption::STRING, nullptr } }; diff --git a/docs/API-functions.md b/docs/API-functions.md index b6134a51c..0fe84ecb8 100644 --- a/docs/API-functions.md +++ b/docs/API-functions.md @@ -956,7 +956,7 @@ Both parties have defined a passprhase for connection and they differ. #### SRT_REJ_UNSECURE Only one connection party has set up a password. See also -`SRTO_STRICTENC` flag in API.md. +`SRTO_ENFORCEDENCRYPTION` flag in API.md. #### SRT_REJ_MESSAGEAPI diff --git a/docs/API.md b/docs/API.md index 48c675fc5..e311e8cec 100644 --- a/docs/API.md +++ b/docs/API.md 
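Review bot: The `srt_options` table in apps/socketoptions.hpp drops the `strictenc` key outright, although srt.h in this same commit keeps `SRTO_STRICTENC` as a deprecated alias, so existing command lines or URIs that still pass `strictenc=...` no longer match any row. How an unmatched key is handled is not visible in this hunk. If it is skipped silently, a deployment that passed `strictenc=false` falls back to the documented default of true and starts rejecting peers with no diagnostic pointing at the rename. Consider keeping a second row during the transition, `{ "strictenc", 0, SRTO_ENFORCEDENCRYPTION, SocketOption::PRE, SocketOption::BOOL, nullptr },`, with a comment marking it as the deprecated spelling.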
@@ -1098,33 +1098,27 @@ side and it's the matter of luck which one would win --- -| OptName | Since | Binding | Type | Units | Default | Range | -| ----------------- | ----- | ------- | --------------- | ----- | -------- | ------ | -| `SRTO_STRICTENC` | 1.3.2 | pre | `int (bool)` | | true | false | - -- **[SET]** - This option, when set to TRUE, allows connection only if the -encryption setup of the connection parties is a "strictly encrypted" case, -that is: - - - neither party has enabled encryption - - both parties have enabled encryption with the same passphrase - -In other cases the connection will be rejected. - -When this option is set to FALSE **by both parties of the connection**, the -following combinations of encryption setup will be allowed for connection (with -appropriate limitations): - - - both parties have enabled encryption with different passphrase - - transmission not possible in either direction - - only one party has enabled encryption - - unencrypted transmission possible only from unencrypted party to encrypted one - -Setting the `SRTO_STRICTENC`option to FALSE can be useful in situations where -it is important to know whether a connection is possible. The inability to -decrypt an incoming transmission can be reported as a different kind of -problem. - +| OptName | Since | Binding | Type | Units | Default | Range | +| -------------------------- | ----- | ------- | --------------- | ----- | -------- | ------ | +| `SRTO_ENFORCEDENCRYPTION` | 1.3.2 | pre | `int (bool)` | | true | false | + +- **[SET]** - This option enforces that both connection parties have the +same passphrase set (including empty, that is, with no encryption), or +otherwise the connection is rejected. + +When this option is set to FALSE **on both connection parties**, the +connection is allowed even if the passphrase differs on both parties, +or it was set only on one party. Note that the party that has set a passphrase +is still allowed to send data over the network. 
However, the receiver will not +be able to decrypt that data and will not deliver it to the application. The +party that has set no passphrase can send (unencrypted) data that will be +successfully received by its peer. + +This option can be used in some specific situations when the user knows +both parties of the connection, so there's no possible situation of a rogue +sender and can be useful in situations where it is important to know whether a +connection is possible. The inability to decrypt an incoming transmission can +be then reported as a different kind of problem. --- | OptName | Since | Binding | Type | Units | Default | Range | diff --git a/srtcore/core.cpp b/srtcore/core.cpp index e77e56fff..2002bb377 100644 --- a/srtcore/core.cpp +++ b/srtcore/core.cpp @@ -896,7 +896,7 @@ void CUDT::setOpt(SRT_SOCKOPT optName, const void* optval, int optlen) } break; - case SRTO_STRICTENC: + case SRTO_ENFORCEDENCRYPTION: if (m_bConnected) throw CUDTException(MJ_NOTSUP, MN_ISCONNECTED, 0); @@ -1212,7 +1212,7 @@ void CUDT::getOpt(SRT_SOCKOPT optName, void* optval, int& optlen) *(int*)optval = m_zOPT_ExpPayloadSize; break; - case SRTO_STRICTENC: + case SRTO_ENFORCEDENCRYPTION: optlen = sizeof (int32_t); // also with TSBPDMODE and SENDER *(int32_t*)optval = m_bOPT_StrictEncryption; break; diff --git a/srtcore/srt.h b/srtcore/srt.h index 0b7dd8343..4cc238c15 100644 --- a/srtcore/srt.h +++ b/srtcore/srt.h 
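Review bot: In the `getOpt` hunk of srtcore/core.cpp the renamed `case SRTO_ENFORCEDENCRYPTION:` still reads `m_bOPT_StrictEncryption`, so the public option and the field behind it now have different names. Either rename the member to match (for example `m_bOPT_EnforcedEncryption`, together with its other uses, which are outside these hunks) or add a comment at the case such as `// backing field keeps its pre-rename name (option was SRTO_STRICTENC)`. The matching case in `setOpt` presumably writes the same field below the visible lines, so the same comment would apply there. Both function bodies start and end outside their hunks.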
@@ -178,7 +178,7 @@ typedef enum SRT_SOCKOPT { SRTO_TRANSTYPE = 50, // Transmission type (set of options required for given transmission type) SRTO_KMREFRESHRATE, // After sending how many packets the encryption key should be flipped to the new key SRTO_KMPREANNOUNCE, // How many packets before key flip the new key is annnounced and after key flip the old one decommissioned - SRTO_STRICTENC, // Connection to be rejected or quickly broken when one side encryption set or bad password + SRTO_ENFORCEDENCRYPTION, // Connection to be rejected or quickly broken when one side encryption set or bad password SRTO_IPV6ONLY, // IPV6_V6ONLY mode SRTO_PEERIDLETIMEO, // Peer-idle timeout (max time of silence heard from peer) in [ms] // (some space left) @@ -223,6 +223,7 @@ static const SRT_SOCKOPT SRTO_RCVPBKEYLEN SRT_ATR_DEPRECATED = (SRT_SOCKOPT)39; // Keeping old name for compatibility (deprecated) static const SRT_SOCKOPT SRTO_SMOOTHER SRT_ATR_DEPRECATED = SRTO_CONGESTION; +static const SRT_SOCKOPT SRTO_STRICTENC SRT_ATR_DEPRECATED = SRTO_ENFORCEDENCRYPTION; typedef enum SRT_TRANSTYPE {
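Review bot: The compatibility alias added in the second srt.h hunk is a `static const` object, not an enumerator, so strictly conforming C does not treat it as an integer constant expression. C callers that wrote `case SRTO_STRICTENC:` may stop compiling, while passing it as a function argument keeps working. If that limitation is acceptable (the neighbouring `SRTO_SMOOTHER` alias has it too), state it in a comment above the new line, e.g. `// Deprecated alias of SRTO_ENFORCEDENCRYPTION; an object, not an enumerator, so not portable as a C case label`. The first hunk renames the enumerator in place, so its numeric value should be unchanged for already-built binaries.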