Remove auth_enc config option

As we didn't hear any voices requesting this feature, we removed the option to disable it and always have peer connection auth encrypted. closes #1518 follow-up #1325
2026-01-08 22:23:11 +00:00 · 2018-06-01 21:07:20 +02:00
parent 178e357d7f
commit 3255c076e5
14 changed files with 20 additions and 78 deletions
--- a/docs/examples/node0/config/config.toml
+++ b/docs/examples/node0/config/config.toml
@@ -103,9 +103,6 @@ pex = true
 # Does not work if the peer-exchange reactor is disabled.
 seed_mode = false

-# Authenticated encryption
-auth_enc = true
-
 # Comma separated list of peer IDs to keep private (will not be gossiped to other peers)
 private_peer_ids = ""

--- a/docs/examples/node1/config/config.toml
+++ b/docs/examples/node1/config/config.toml
@@ -103,9 +103,6 @@ pex = true
 # Does not work if the peer-exchange reactor is disabled.
 seed_mode = false

-# Authenticated encryption
-auth_enc = true
-
 # Comma separated list of peer IDs to keep private (will not be gossiped to other peers)
 private_peer_ids = ""

--- a/docs/examples/node2/config/config.toml
+++ b/docs/examples/node2/config/config.toml
@@ -103,9 +103,6 @@ pex = true
 # Does not work if the peer-exchange reactor is disabled.
 seed_mode = false

-# Authenticated encryption
-auth_enc = true
-
 # Comma separated list of peer IDs to keep private (will not be gossiped to other peers)
 private_peer_ids = ""

--- a/docs/examples/node3/config/config.toml
+++ b/docs/examples/node3/config/config.toml
@@ -103,9 +103,6 @@ pex = true
 # Does not work if the peer-exchange reactor is disabled.
 seed_mode = false

-# Authenticated encryption
-auth_enc = true
-
 # Comma separated list of peer IDs to keep private (will not be gossiped to other peers)
 private_peer_ids = ""

--- a/docs/spec/p2p/peer.md
+++ b/docs/spec/p2p/peer.md
@@ -17,9 +17,6 @@ We will attempt to connect to the peer at IP:PORT, and verify,
 via authenticated encryption, that it is in possession of the private key
 corresponding to `<ID>`. This prevents man-in-the-middle attacks on the peer layer.

-If `auth_enc = false`, peers can use an arbitrary ID, but they must always use
-one. Authentication can then happen out-of-band of Tendermint, for instance via VPN.
-
 ## Connections

 All p2p connections use TCP.
--- a/docs/specification/configuration.rst
+++ b/docs/specification/configuration.rst
@@ -122,9 +122,6 @@ like the file below, however, double check by inspecting the
    # Does not work if the peer-exchange reactor is disabled.
    seed_mode = false

-    # Authenticated encryption
-    auth_enc = true
-
    # Comma separated list of peer IDs to keep private (will not be gossiped to other peers)
    private_peer_ids = ""

--- a/docs/specification/secure-p2p.rst
+++ b/docs/specification/secure-p2p.rst
@@ -65,9 +65,7 @@ are connected to at least one validator.
 Config
 ------

-Authenticated encryption is enabled by default. If you wish to use another
-authentication scheme or your peers are connected via VPN, you can turn it off
-by setting ``auth_enc`` to ``false`` in the config file.
+Authenticated encryption is enabled by default.

 Additional Reading
 ------------------