Client: disable pre v25 init sending by default
Disable the ability to connect to old servers by default to improve password security. If people still want to connect to old (0.4.12 and earlier) servers, they can flip the send_pre_v25_init setting. Add the ability to detect if we've tried to connect to a server which only supports the pre v25 init protocol, and show an apropriate error message. Most times the error will already be catched at the serverlist level, the detection mechanism only acts as last resort, because the "Connection timed out" error message that would be shown otherwise would be very confusing. Automatic "fixing" of this condition is not desired, as it would allow for downgrade attacks. As already 161 of the 167 servers on the serverlist support the new srp based auth protocol (> 96%), the breakage should be minimal. Follow up of commit af301831 "Add option to not send pre v25 init packet" Also change the pessimistic assumption of masterlist server versions to optimistic, in order to avoid buggy behaviour (favourites not in the serverlist would be denied to connect to, etc).
Showing
- builtin/mainmenu/common.lua 7 additions, 3 deletionsbuiltin/mainmenu/common.lua
- builtin/settingtypes.txt 1 addition, 1 deletionbuiltin/settingtypes.txt
- minetest.conf.example 2 additions, 2 deletionsminetest.conf.example
- src/client.h 3 additions, 0 deletionssrc/client.h
- src/defaultsettings.cpp 1 addition, 1 deletionsrc/defaultsettings.cpp
- src/game.cpp 20 additions, 1 deletionsrc/game.cpp
Loading
Please register or sign in to comment