Introducing Stratum over TLS

Warning: This post is very old, and may contain outdated information.

2014-09-10 11:20 UTC (10 years ago)

Starting today, all our servers offer the possibility to mine over a secure (encrypted) connection. We are proud to be the first Litecoin pool to offer this feature!

The problem with Stratum over plain TCP/IP is that an attacker could create a script that sits between the server and the miner, and inject malicious messages into the communication channel. By doing this, the attacker could to steal part of the miner's work, or even redirect the miner to a malicious pool. While such an attack is undoubtedly difficult to perform, it has already happened!

By running Stratum over TLS (Transport Layer Security, the successor to SSL which is also used for the HTTPS protocol), a man-in-the-middle attack is no longer possible, as the communication is secured by strong encryption algorithms and the server's identity is digitally signed by a certificate authority.

To take advantage of this feature, your mining software needs to support it. Right now, only BFGminer 4.0.0 and later has implemented TLS support, but there is work being done to add this feature to sgminer as well. To connect securely with BFGminer, just change the server port from 3333 to 3443 (see our Help page).