That is correct. The expectation of roots/xroots/https protocols is that you *will* use TLS encryption. If you can't the connection should fail otherwise we are letting you run wha should have been encrypted over an unencrypted connection which from a security standpoint is really bad. On Thu, 15 Jun 2023, Guilherme Amadio wrote: > Hi @esindril, yes, my memory is that when I was discussing this with @abh, the conclusion was that when a `roots://` URL is used, we should never allow falling back to non-encrypted connections for security reasons. However, if `root://` is used, `--notlsok` will work to not enforce promotion to use encryption. > > -- > Reply to this email directly or view it on GitHub: > https://github.com/xrootd/xrootd/pull/2031#issuecomment-1592656925 > You are receiving this because your review was requested. > > Message ID: ***@***.***> -- Reply to this email directly or view it on GitHub: https://github.com/xrootd/xrootd/pull/2031#issuecomment-1592673432 You are receiving this because you commented. Message ID: <[log in to unmask]> ######################################################################## Use REPLY-ALL to reply to list To unsubscribe from the XROOTD-DEV list, click the following link: https://listserv.slac.stanford.edu/cgi-bin/wa?SUBED1=XROOTD-DEV&A=1