Do not require TLS for local Electrum server

[Kixunil]

Problem: I have an Electrum server running without TLS and use SSH tunnel to protect the communication instead. I use ConnectBot on the phone to bind the address.

Eclair now requires the Electrum server to use TLS, therefore I'm unable to connect.

Suggestion: don't require TLS when connecting to a local address (127.0.0.1) and change the info to "Remote server must have a valid certificate".

[pm47]

Sounds like a reasonable request. Related code is here:

https://github.com/ACINQ/eclair/blob/master/eclair-core/src/main/scala/fr/acinq/eclair/blockchain/electrum/ElectrumClient.scala#L66-L75

[artlav]

Does it accept a self-signed SSL certificate on a personal server as of right now?

If not, i'd like to expand the request to either no TLS requirement on LAN (192.168.0.0/16), or an ability to override the requirement explicitly from somewhere in the options.

Constant DDoS attacks on the public servers combined with inability to use a personal one make it rather frustrating to use.

[t-bast]

Have you tried without TLS at all (providing an http address)? If you are over LAN, having TLS with a self-signed certificate doesn't offer any more privacy than disabling TLS entirely.

[artlav]

Yes, i tried. Still does not work, so it's not so much a question of SSL kind of privacy as it is a question of being able to use it at all with a personal server kind of privacy.

[araspitzu]

@artlav You could expose your electrum server over TOR and bypass the TLS requirement (thanks to https://github.com/ACINQ/eclair/pull/1278), while eclair-mobile + TOR is not officially supported it does work with orbot and we're working to embed tor itself in the mobile app.