Page 1 of 1

Encryption settings

Posted: Mon Jun 08, 2009 1:36 pm
by nicko117
It's a little hard to understand what do the encryption settings in Deluge ...

I've done a search on the forum, and indeed some people ask for some modifications in the UI.

My concern is to understand how it work.

1. First I don't understand the difference between: activated and forced ?

It looks like the same for me, for both of them, the aim is t be encrypted in finality ??

2. For level, if I select "fullstream" should I also check "encrypt full stream" ?? Obviously again, it is the same and already selected by the combo value.

Thanks for your explanation.

PS: I've translated the values to english from a foreign language, so the name could be not 100% accurate to their english version

Re: Encryption settings

Posted: Mon Jun 08, 2009 3:10 pm
by johnnyg
  1. There are 3 options: "Disabled", "Enabled" and "Forced"
    • Disabled - don't enable encryption (you can only connect to peers that aren't using encryption)
    • Enabled - enable encryption (you can connect to peers that are using encryption as well as peers that aren't)
    • Forced - force the use of encryption (you can ONLY connect to peers that are using encryption)
    You can then specify what level of encryption you want enabled/forced.
  2. Once again 3 options: "Handshake", "Full stream" and "Either"
    • Handshake - allow/force the use of encryption when connecting to a peer
    • Full stream - allow/force the use of encryption when connecting to a peer as well as when transferring
    • Either - allow/force the use of either one
    "Encrypt entire stream" means that you prefer to use "Full stream" encryption rather than "Handshake".
    Hence it makes no sense to select "Full stream" and then not to tick "Encrypt entire stream".
    AFAIK deluge (or libtorrent) doesn't enforce "Encrypt entire stream" if you select "Full stream" (which is what you were implicitly asking).

Does that answer your questions?

Re: Encryption settings

Posted: Fri Jan 20, 2012 5:15 pm
by greenwich
johnnyg wrote:
    Once again 3 options: "Handshake", "Full stream" and "Either"
    • Handshake - allow/force the use of encryption when connecting to a peer
    • Full stream - allow/force the use of encryption when connecting to a peer as well as when transferring
    • Either - allow/force the use of either one
    "Encrypt entire stream" means that you prefer to use "Full stream" encryption rather than "Handshake".
    Hence it makes no sense to select "Full stream" and then not to tick "Encrypt entire stream".
    AFAIK deluge (or libtorrent) doesn't enforce "Encrypt entire stream" if you select "Full stream" (which is what you were implicitly asking).


Actually I think you should read it like this:
  • Level: Handshake/Full stream/Either - this is for Inbound* connections! Full stream/Handshake forces this option on incoming connection, the Either option lets the inbound peer decide. This only has effect if you have Inbound encryption set to Enabled/Forced.
  • Tickbox "Encrypt entire stream" - this is for Outbound* connections! Unticked encrypts only the protocol heather, ticked encrypts the entire data stream. This only has effect if you have Outbound encryption set to Enabled/Forced.

*Inbound = a peer connects to you to download (you seed/upload), Outbound = you connect to peer/seeder to download/leech

Re: Encryption settings

Posted: Fri Jan 27, 2012 9:39 pm
by funnel
johnnyg wrote:it makes no sense to select "Full stream" and then not to tick "Encrypt entire stream". AFAIK deluge (or libtorrent) doesn't enforce "Encrypt entire stream" if you select "Full stream" (which is what you were implicitly asking).
Why doesn't it, then? If it makes sense, they why not enforce it and grey-out the checkbox when "Full Stream" is selected? Also then, why isn't "Encrypt entire stream" unchecked and greyed-out when "Handshake" is selected? If "Encrypt entire stream" has an automatic fallback, it seems to me that it would only be relevant (should only be clickable) when "Either" is selected.

I could be misunderstanding, but what you said seems to suggest that the Handshake/Full stream/Either drop-down and "Encrypt entire stream" settings are each applied to both inbound and outbound encryption.

greenwich wrote:Actually I think you should read it like this:
  • Level: Handshake/Full stream/Either - this is for Inbound* connections! Full stream/Handshake forces this option on incoming connection, the Either option lets the inbound peer decide. This only has effect if you have Inbound encryption set to Enabled/Forced.
  • Tickbox "Encrypt entire stream" - this is for Outbound* connections! Unticked encrypts only the protocol heather, ticked encrypts the entire data stream. This only has effect if you have Outbound encryption set to Enabled/Forced.
*Inbound = a peer connects to you to download (you seed/upload), Outbound = you connect to peer/seeder to download/leech
That has significantly different implications from what johnnyg, a developer, said.

If what greenwich said is true, changes should be made:
If Handshake/Full stream/Either is only applied when Inbound encryption is set to Enabled/Forced, then the Handshake/Full stream/Either drop-down should be greyed-out (not clickable) when Inbound encryption is set to Disabled.

If "Encrypt entire stream" is only applied when Outbound encryption is set to Enabled/Forced, then the "Encrypt entire stream" checkbox should be greyed-out (not clickable) when Outbound encryption is set to Disabled.

If {Handshake/Full stream/Either is only for Inbound} -and- {"Encrypt entire stream" is only for Outbound}, then those two groups of settings (Inbound-related and Outbound-related) should be separated more clearly from each other.

Re: Encryption settings

Posted: Fri Jan 27, 2012 11:35 pm
by Cas
The libtorrent documentation shows what these terms mean, so for both Inbound and Outbound encryption the following applies:
  • forced - Only encrypted connections are allowed. Incoming connections that are not encrypted are closed and if the encrypted outgoing connection fails, a non-encrypted retry will not be made.
  • enabled - encrypted connections are enabled, but non-encrypted connections are allowed. An incoming non-encrypted connection will be accepted, and if an outgoing encrypted connection fails, a non- encrypted connection will be tried.
  • disabled - only non-encrypted connections are allowed.

and for Level (both is Either in Deluge):
This setting will adjust which encryption scheme is offered to the other peer, as well as which encryption scheme is selected by the client. The settings are:

  • plaintext - only the handshake is encrypted, the bulk of the traffic remains unchanged.
  • rc4 - the entire stream is encrypted with RC4
  • both - both RC4 and plaintext connections are allowed.

prefer_rc4 can be set to true if you want to prefer the RC4 encrypted stream.


The 'Encrypt Entire Stream' in Deluge is 'prefer_rc4' in libtorrent which relates to choosing 'Either' level of encryption and this applies to both Inbound and Outbound. The label should probably be changed to reflect this, such as 'Prefer Full Stream Encryption' so this option should be greyed out unless the dropdown option 'Either' is selected. The alternative is to simply set 'prefer_rc4' internally in Deluge to default True as I imagine most users would be happy with that or would not care.

If both Inbound and Outbound encryption are set to disabled then this would be the only point that 'Level' and 'encrypt entire stream' should be greyed out so this could be changed for clarity but is a trivial issue.

Re: Encryption settings

Posted: Fri Jul 27, 2012 2:29 am
by Joana
My ISP make traffic shaping in my connection so i need a good encryption for pass this problem. I read this conversation and i have a question: If i select in deluge Full stream i need select Encrypt entire stream?