diff --git a/doc/newsfragments/enable-crypto-by-default.feature b/doc/newsfragments/enable-crypto-by-default.feature new file mode 100644 index 00000000..0c633ee6 --- /dev/null +++ b/doc/newsfragments/enable-crypto-by-default.feature @@ -0,0 +1,2 @@ +The `--enable-crypto` command line option has been made the default to reduce chances of accidental security mishaps when configuring Barrier from command line. +A new `--disable-crypto` command line option has been added to explicitly disable encryption. diff --git a/src/gui/src/MainWindow.cpp b/src/gui/src/MainWindow.cpp index 40050782..9072b864 100644 --- a/src/gui/src/MainWindow.cpp +++ b/src/gui/src/MainWindow.cpp @@ -516,8 +516,8 @@ void MainWindow::startBarrier() #endif - if (m_AppConfig->getCryptoEnabled()) { - args << "--enable-crypto"; + if (!m_AppConfig->getCryptoEnabled()) { + args << "--disable-crypto"; } #if defined(Q_OS_WIN) diff --git a/src/lib/barrier/App.h b/src/lib/barrier/App.h index 749ca85d..d747b5c6 100644 --- a/src/lib/barrier/App.h +++ b/src/lib/barrier/App.h @@ -166,7 +166,8 @@ private: " -l --log write log messages to file.\n" \ " --no-tray disable the system tray icon.\n" \ " --enable-drag-drop enable file drag & drop.\n" \ - " --enable-crypto enable the crypto (ssl) plugin.\n" \ + " --enable-crypto enable the crypto (ssl) plugin (default, deprecated).\n" \ + " --disable-crypto disable the crypto (ssl) plugin.\n" \ " --profile-dir use named profile directory instead.\n" \ " --drop-dir use named drop target directory instead.\n" diff --git a/src/lib/barrier/ArgParser.cpp b/src/lib/barrier/ArgParser.cpp index 1ac4baff..4c57e798 100644 --- a/src/lib/barrier/ArgParser.cpp +++ b/src/lib/barrier/ArgParser.cpp @@ -282,7 +282,10 @@ ArgParser::parseGenericArgs(int argc, const char* const* argv, int& i) argsBase().m_dropTarget = argv[++i]; } else if (isArg(i, argc, argv, NULL, "--enable-crypto")) { - argsBase().m_enableCrypto = true; + LOG((CLOG_INFO "--enable-crypto is used by default. The option is deprecated.")); + } + else if (isArg(i, argc, argv, NULL, "--disable-crypto")) { + argsBase().m_enableCrypto = false; } else if (isArg(i, argc, argv, NULL, "--profile-dir", 1)) { argsBase().m_profileDirectory = argv[++i]; diff --git a/src/lib/barrier/ArgsBase.cpp b/src/lib/barrier/ArgsBase.cpp index dd983c6f..b392339a 100644 --- a/src/lib/barrier/ArgsBase.cpp +++ b/src/lib/barrier/ArgsBase.cpp @@ -42,7 +42,7 @@ m_enableDragDrop(false), m_dropTarget(""), m_shouldExit(false), m_barrierAddress(), -m_enableCrypto(false), + m_enableCrypto(true), m_profileDirectory(""), m_pluginDirectory("") {