Kad buddy connections broken when RequireCrypt is enabled
Summary¶
srchybrid/ClientList.cpp:607 contains:
// TODO 0.49b: Kad buddies won't work with RequireCrypt
When the user enables the "Require encryption" option, Kad buddy connections silently fail. The unresolved design conflict means users who rely on Kad for firewall traversal (low-ID clients) are silently broken when they also enable encryption.
Decision¶
2026-04-19: Marked Wont-Fix by explicit product decision.
Rationale:
- the incompatibility is understood and already contained by the current guard behavior
- fixing it requires protocol/design work, not a narrow hardening patch
- current branch direction does not justify the drift and regression risk for this path
This item should not be reopened unless the product direction changes and Kad
buddy behavior under RequireCrypt becomes a deliberate feature target.
Related FIXME¶
srchybrid/BaseClient.cpp:1458:
// FIXME: We don't know which kad version the buddy has
When choosing encryption settings for a buddy connection, the client cannot determine the buddy's Kad version. This compounds the RequireCrypt issue because the version gates which handshake can be used.
Impact¶
Low-ID users with RequireCrypt enabled will:
- Fail to obtain a Kad buddy
- Lose firewall traversal capability
- See no error or warning indicating why buddy acquisition failed
Fix¶
Options:
1. Detect the RequireCrypt + LowID combination and surface a warning to the user
in the Kad status or connection panel.
2. Implement a compatible encrypted buddy handshake path that satisfies
both RequireCrypt and Kad buddy semantics.
3. At minimum: resolve the version-detection FIXME in BaseClient.cpp:1458 so
the encryption negotiation can be attempted correctly.
Files¶
srchybrid/ClientList.cpp:607srchybrid/BaseClient.cpp:1458