Communication Security and Optimization

Mon, 01 Jan 0001 00:00:00 +0000

Encryption and Compression

Note: When TLS is enabled between frpc and frps, traffic will be globally encrypted, and encryption on individual proxies is no longer needed. This is enabled by default in newer versions.

Each proxy can choose whether to enable encryption and compression features.

The encryption algorithm uses aes-128-cfb, and the compression algorithm uses snappy.

Specify in each proxy’s configuration using the following parameters:

[[proxies]]
name = "ssh"
type = "tcp"
localPort = 22
remotePort = 6000
transport.useEncryption = true
transport.useCompression = true

By setting transport.useEncryption = true, the communication content between frpc and frps will be encrypted during transmission, effectively preventing transmission content from being intercepted.

Custom TLS Protocol Encryption

Mon, 01 Jan 0001 00:00:00 +0000

transport.useEncryption and STCP functions can effectively prevent traffic content from being stolen during communication, but cannot determine whether the other party’s identity is legitimate, posing a risk of man-in-the-middle attacks. For this reason, frp supports traffic encryption between frpc and frps through TLS protocol, and supports client or server unidirectional verification, bidirectional verification, and other functions.

When transport.tls.force = true in frps.toml, it means the server only accepts TLS connection clients, which is also a prerequisite for frps to verify frpc identity. If the content of transport.tls.trustedCaFile in frps.toml is valid, then transport.tls.force = true will be enabled by default.

Communication Security and Optimization on frp

Communication Security and Optimization

Encryption and Compression

Custom TLS Protocol Encryption