Forum


Notice to all users

We are migrating towards a new forum system located at community.teamspeak.com, as such this forum will become read-only on January 29, 2020

Page 1 of 3 123 LastLast
Results 1 to 15 of 36
  1. #1
    Join Date
    March 2014
    Posts
    12

    ServerQuery via TLS

    Hi TS developers,
    do you even consider improving TS3 server so it uses TLS for ServerQuery. It would make programming for TS server much easier as we wouldn't need consider security in our applications.

  2. #2
    Join Date
    June 2011
    Location
    Germany
    Posts
    4,368
    Quote Originally Posted by Kubuxu View Post
    It would make programming for TS server much easier as we wouldn't need consider security in our applications.
    What do you want to consider? Using a VPN/Tunnel/Proxy?

  3. #3
    Join Date
    March 2014
    Posts
    12
    Quote Originally Posted by numma_cway View Post
    What do you want to consider? Using a VPN/Tunnel/Proxy?
    Currently simple tunnelling via SSL but it requires set up on client side.


    TS3 Team:
    In case of you deciding that TLS is too robust add simple 2 way secure handshake. It would allow safe logging in by current protocol and would be non-breaking change.

  4. #4
    Join Date
    December 2009
    Location
    Germany
    Posts
    2,360
    Quote Originally Posted by Kubuxu View Post
    add simple 2 way secure handshake. It would allow safe logging in by current protocol and would be non-breaking change.
    Sounds interesting, how this can work?

  5. #5
    Join Date
    March 2014
    Posts
    12
    The most simplistic way, without asymmetric encryption if we are able to securely distribute keys, is that:
    • server has list of allowed clients keys
    • clients have server key
    Then negotiations start, client asks server to concatenate it's key with given random string and send back hash of it. Client does this operation locally too and compares results. Then server asks client to do it again but this time server dictates random string and compares results. In case of inequality the connection is aborted.

    It does not protect from MitM attack but do not allow password spoofing.

  6. #6
    Join Date
    June 2011
    Location
    Germany
    Posts
    4,368
    Supporting the request, but the unencrypted one should stay for easy use with telnet.

  7. #7
    Join Date
    December 2009
    Location
    Germany
    Posts
    2,360
    Quote Originally Posted by numma_cway View Post
    Supporting the request, but the unencrypted one should stay for easy use with telnet.
    Same here. But I also like the "simple 2 way secure handshake" described by Kubuxe at Yesterday, 19:54.

    If possible I would implement the unencrypted "simple 2 way secure handshake" to my JTS3ServerMod, but not the TLS encryption idea.

  8. #8
    Join Date
    April 2011
    Location
    Germany
    Posts
    1,266
    That's all quite fine when two programs (server) and any client are talking. But in the event of a user using a simple shell to use SQ such a two way handshake is a pain in the ass for the user. Should he compute the hash by himself?!

    And yes, in 98% of all cases I use SQ directly and don't use any kind of "program" which could do the 2 way handshake.

  9. #9
    Join Date
    March 2014
    Posts
    12
    Quote Originally Posted by Barungar View Post
    That's all quite fine when two programs (server) and any client are talking. But in the event of a user using a simple shell to use SQ such a two way handshake is a pain in the ass for the user. Should he compute the hash by himself?!

    And yes, in 98% of all cases I use SQ directly and don't use any kind of "program" which could do the 2 way handshake.
    But old login method would still be there. We are just asking for way to authenticate securely. It would be non breaking change.

    After reading few topics on forum I expect answer "Soon™".

  10. #10
    Join Date
    April 2011
    Location
    Germany
    Posts
    1,266
    What security gain would there be if the old (unsecure) method would be still available?

  11. #11
    Join Date
    December 2009
    Location
    Germany
    Posts
    2,360
    Quote Originally Posted by Barungar View Post
    What security gain would there be if the old (unsecure) method would be still available?
    You, as the TS3 server admin, can decide which way do you use. If you prefer security, you avoid programs using the current method remote over internet.

  12. #12
    Join Date
    March 2014
    Posts
    12
    Quote Originally Posted by Barungar View Post
    What security gain would there be if the old (unsecure) method would be still available?
    Stefan1200 stated right point. Currently to use SQ remotely you should consider using VPN or tunnelling as sending something in the internet like shouting throughout a window.

  13. #13
    Join Date
    April 2011
    Location
    Germany
    Posts
    1,266
    Quote Originally Posted by Stefan1200 View Post
    You, as the TS3 server admin, can decide which way do you use. If you prefer security, you avoid programs using the current method remote over internet.
    I can do that already, today. By just binding SQ to 127.0.0.1 and only allow the server itself (or any authenticated tunnel to that server) to use SQ.

  14. #14
    Join Date
    December 2009
    Location
    Germany
    Posts
    2,360
    Quote Originally Posted by Barungar View Post
    I can do that already, today. By just binding SQ to 127.0.0.1 and only allow the server itself (or any authenticated tunnel to that server) to use SQ.
    But often you need remote connection to the server query interface (like websites, admin tools, etc.). In this case it would be nice, if there is a way to have a query login command with a two way authentication.

  15. #15
    Join Date
    March 2014
    Posts
    12
    Quote Originally Posted by Barungar View Post
    I can do that already, today. By just binding SQ to 127.0.0.1 and only allow the server itself (or any authenticated tunnel to that server) to use SQ.
    The point is that it requires set up on a server(actual client) side and sometimes it is impossible or really difficult.

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. ServerQuery
    By austin070 in forum General Questions
    Replies: 1
    Last Post: January 16th, 2013, 09:26 AM
  2. Replies: 3
    Last Post: November 9th, 2012, 01:41 PM
  3. Prevent serverquery users from seeing serverquery users?
    By Morthawt in forum Permission System
    Replies: 5
    Last Post: July 16th, 2012, 09:32 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •