So I have been looking at how the packets flow when you stream content and they seem to be sent as straight tcp packets instead of in some encrypted form. My question is what part of plex is secured with SSL? Is it just the authentication process, is it while your streaming content?
Have you looked through…
https://support.plex.tv/hc/en-us/articles/206225077-How-to-Use-Secure-Server-Connections
Or even this…
they are fully encrypted using TLS, so long as the client supports it and the server enforces it. And if both are are to use the proper FQDN of your server which it gets assigned.
https://support.plex.tv/hc/en-us/articles/206225077-How-to-Use-Secure-Server-Connections
The packets in wireshark are show as TCP packets with no encytion in any of the headers. This is with my phone using the plex app connected to my computers shared wifi. Should I be seeing TLSv2 packets instead?
@Sswhitehead said:
The packets in wireshark are show as TCP packets with no encytion in any of the headers. This is with my phone using the plex app connected to my computers shared wifi. Should I be seeing TLSv2 packets instead?
It depends where these packets are are going and whether you succeeded to make the secure connections work.
But yes, all traffic between your own server machine and the mobile device should be encrypted. There might be other traffic directed to the plex cloud which might be not encrypted, but this doesn’t contain media data.
Do note: after changing the preference Settings - Server - Network - Secure Connections you need to re-start the server for the change to get applied.
TLS is an application layer protocol, TCP is transport layer. That the headers aren’t encrypted is perfectly normal, only the payload of a TLS session will be encrypted. Also, even with IPsec, the packet headers required for routing will be in the clear.
Hey all, I know this thread is a bit old, but my question is exactly regarding the same topic.
So if the payload is encrypted with TLS and the hearders are plain TCP, the packets all show up as play TCP in some dump as the OP said.
How is it possible to tell if encryption works and the payload gets encrypted?
thanks
greets!
@Oshikuru said:
How is it possible to tell if encryption works and the payload gets encrypted?
If you see a green padlock icon on your server’s name, you know that the connection between your current client and this server is encrypted.
Hey,
thx, I know about the green lock, but thats just an icon which could be set when I enable the “secure”-option or it could just point out, that the communication to plex.tv-servers is encrypted.
I want to know if the video stream itself is encrypted and how to ensure that, possibly via wireshark or any.
thanks!
Ok,
if I check some browser data I can see the TLS in any single line of the application data (after handshake is done) in wireshark like this:
(removed)
Regarding plex, I do see the encrypted handshake (between my server and plex.tv),
but the application data is only listed as TCP as the OP did point out in the original post.
So for me it does look like encrypted auth with plex.tv servers, but not encrypted stream, huh?
@Oshikuru said:
thx, I know about the green lock, but thats just an icon which could be set when I enable the “secure”-option or it could just point out, that the communication to plex.tv-servers is encrypted.
No, it shows up when the channel to this particular server is encrypted. That inlcudes of course all media packets.
At the beginning of this thread we posted the same link twice already. I recommend you to actually take a look at it.
https://support.plex.tv/hc/en-us/articles/206225077-How-to-Use-Secure-Server-Connections
There is also this blog post linked in it, which explains the whole enchilada even further:
