Since the announcement - My LG W8 dont seem to work anymore with secure connections enabled.
Chuck PA was so kind to inform me to change Settings -> Advanced -> Allow Insecure Connections is set to Always
So far so good - and its working just fine.
But my question to Plex team is:
If the server is set to REQUIRED - why is it that this setting cant ignore LAN devices. I cant find any option. I know I can use Preferred - but I dont want that.
I dont want preferred since I want my remote streaming to be required to make sure of that streaming is secured.
Would be great to have an option to set REQUIRED - LAN devices unsecure … or something. Why even bother with secure on LAN?
Because there are no guarantees whatsoever that the device is truly and actually on the local network. Even if it presents a local IP address to the server.
But to be honest - it doesnt make sense that we users cant choose to use Required external and none Secure when on LAN.
If I want Required - im forced to buy a new product like an Apple tv, Chromecast etc to use Secure connections , just because I want Required enabled externally?
Our tv is 3-4 years old . Kinda sad not being able to use plex app on the tv now that its there
Completely agree with everyone here, i have this issue too. Why can’t a simple comparison being made between the IP address of Plex server and device. If both are 192.168.xxx.xxx or have similar external IP address, allow insecure access.
If I’m understanding you correctly, remotely spoofing same-subnet source addresses doesn’t really work. It’s not a viable way to impersonate or eavesdrop on TCP connections. The Internet would fall apart if it was.
The current recommendation - Secure connections: Preferred - means that HTTPS → HTTP downgrade attacks may sometimes be possible. That’s a downside to opportunistic encryption.
Some clients have an On same network as server option. That’s a reasonable setting, and I believe it’s the default on modern desktop clients (?) - but I haven’t looked at TVs or set-top boxes.
I agree that a similar option would make sense on the server. I’d encourage making this into a feature suggestion post!
Personally I’d settle for an Advance/Hidden server setting that allows me to specify LAN IP addresses that can access the server with secure connections disabled. Would let my older LAN based devices continued access.
I think you can edit the original and change it into a #feature-suggestions post yourself.
Another complicated option is to use a reverse proxy. This could be used externally to enforce whatever security you want, while allowing lower levels internally.
