Added encryption.

2025-06-24 21:25:23 +00:00 · 2023-12-30 10:55:30 +01:00 · 2023-12-30 10:55:30 +01:00 · 9599c1931e
commit 9599c1931e
parent b8bd78d90d
29 changed files with 1016 additions and 1069 deletions
--- a/clients/terminal/Cargo.lock
+++ b/clients/terminal/Cargo.lock
@ -103,6 +103,22 @@ dependencies = [
 "os_str_bytes",
 ]

+[[package]]
+name = "core-foundation"
+version = "0.9.4"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "91e195e091a93c46f7102ec7818a2aa394e1e1771c3ab4825963fa03e45afb8f"
+dependencies = [
+ "core-foundation-sys",
+ "libc",
+]
+
+[[package]]
+name = "core-foundation-sys"
+version = "0.8.6"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "06ea2b9bc92be3c2baa9334a323ebca2d6f074ff852cd1d7b11064035cd3868f"
+
 [[package]]
 name = "cpufeatures"
 version = "0.2.11"
@ -129,7 +145,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "bbcf33c2a618cbe41ee43ae6e9f2e48368cd9f9db2896f10167d8d762679f639"
 dependencies = [
 "nix",
- "windows-sys",
+ "windows-sys 0.45.0",
 ]

 [[package]]
@ -148,12 +164,29 @@ dependencies = [
 "crypto-common",
 ]

+[[package]]
+name = "errno"
+version = "0.3.8"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "a258e46cdc063eb8519c00b9fc845fc47bcfca4130e2f08e88665ceda8474245"
+dependencies = [
+ "libc",
+ "windows-sys 0.52.0",
+]
+
+[[package]]
+name = "fastrand"
+version = "2.0.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "25cbce373ec4653f1a01a31e8a5e5ec0c622dc27ff9c4e6606eefef5cbbed4a5"
+
 [[package]]
 name = "fcast"
 version = "0.1.0"
 dependencies = [
 "clap",
 "ctrlc",
+ "native-tls",
 "openssl",
 "serde",
 "serde_json",
@ -277,18 +310,48 @@ version = "1.0.6"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "453ad9f582a441959e5f0d088b02ce04cfe8d51a8eaf077f12ac6d3e94164ca6"

+[[package]]
+name = "lazy_static"
+version = "1.4.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "e2abad23fbc42b3700f2f279844dc832adb2b2eb069b2df918f455c4e18cc646"
+
 [[package]]
 name = "libc"
 version = "0.2.150"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "89d92a4743f9a61002fae18374ed11e7973f530cb3a3255fb354818118b2203c"

+[[package]]
+name = "linux-raw-sys"
+version = "0.4.12"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "c4cd1a83af159aa67994778be9070f0ae1bd732942279cabb14f86f986a21456"
+
 [[package]]
 name = "log"
 version = "0.4.20"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "b5e6163cb8c49088c2c36f57875e58ccd8c87c7427f7fbd50ea6710b2f3f2e8f"

+[[package]]
+name = "native-tls"
+version = "0.2.11"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "07226173c32f2926027b63cce4bcd8076c3552846cbe7925f3aaffeac0a3b92e"
+dependencies = [
+ "lazy_static",
+ "libc",
+ "log",
+ "openssl",
+ "openssl-probe",
+ "openssl-sys",
+ "schannel",
+ "security-framework",
+ "security-framework-sys",
+ "tempfile",
+]
+
 [[package]]
 name = "nix"
 version = "0.26.2"
@ -333,6 +396,12 @@ dependencies = [
 "syn",
 ]

+[[package]]
+name = "openssl-probe"
+version = "0.1.5"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "ff011a302c396a5197692431fc1948019154afc178baf7d8e37367442a4601cf"
+
 [[package]]
 name = "openssl-sys"
 version = "0.9.97"
@ -417,12 +486,66 @@ dependencies = [
 "getrandom",
 ]

+[[package]]
+name = "redox_syscall"
+version = "0.4.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "4722d768eff46b75989dd134e5c353f0d6296e5aaa3132e776cbdb56be7731aa"
+dependencies = [
+ "bitflags 1.3.2",
+]
+
+[[package]]
+name = "rustix"
+version = "0.38.28"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "72e572a5e8ca657d7366229cdde4bd14c4eb5499a9573d4d366fe1b599daa316"
+dependencies = [
+ "bitflags 2.4.1",
+ "errno",
+ "libc",
+ "linux-raw-sys",
+ "windows-sys 0.52.0",
+]
+
 [[package]]
 name = "ryu"
 version = "1.0.13"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "f91339c0467de62360649f8d3e185ca8de4224ff281f66000de5eb2a77a79041"

+[[package]]
+name = "schannel"
+version = "0.1.23"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "fbc91545643bcf3a0bbb6569265615222618bdf33ce4ffbbd13c4bbd4c093534"
+dependencies = [
+ "windows-sys 0.52.0",
+]
+
+[[package]]
+name = "security-framework"
+version = "2.9.2"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "05b64fb303737d99b81884b2c63433e9ae28abebe5eb5045dcdd175dc2ecf4de"
+dependencies = [
+ "bitflags 1.3.2",
+ "core-foundation",
+ "core-foundation-sys",
+ "libc",
+ "security-framework-sys",
+]
+
+[[package]]
+name = "security-framework-sys"
+version = "2.9.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "e932934257d3b408ed8f30db49d85ea163bfe74961f017f405b025af298f0c7a"
+dependencies = [
+ "core-foundation-sys",
+ "libc",
+]
+
 [[package]]
 name = "serde"
 version = "1.0.193"
@ -488,6 +611,19 @@ dependencies = [
 "unicode-ident",
 ]

+[[package]]
+name = "tempfile"
+version = "3.8.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "7ef1adac450ad7f4b3c28589471ade84f25f731a7a0fe30d71dfa9f60fd808e5"
+dependencies = [
+ "cfg-if",
+ "fastrand",
+ "redox_syscall",
+ "rustix",
+ "windows-sys 0.48.0",
+]
+
 [[package]]
 name = "termcolor"
 version = "1.2.0"
@ -562,6 +698,7 @@ dependencies = [
 "http",
 "httparse",
 "log",
+ "native-tls",
 "rand",
 "sha1",
 "thiserror",
@ -668,7 +805,25 @@ version = "0.45.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "75283be5efb2831d37ea142365f009c02ec203cd29a3ebecbc093d52315b66d0"
 dependencies = [
- "windows-targets",
+ "windows-targets 0.42.2",
+]
+
+[[package]]
+name = "windows-sys"
+version = "0.48.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "677d2418bec65e3338edb076e806bc1ec15693c5d0104683f2efe857f61056a9"
+dependencies = [
+ "windows-targets 0.48.5",
+]
+
+[[package]]
+name = "windows-sys"
+version = "0.52.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "282be5f36a8ce781fad8c8ae18fa3f9beff57ec1b52cb3de0789201425d9a33d"
+dependencies = [
+ "windows-targets 0.52.0",
 ]

 [[package]]
@ -677,13 +832,43 @@ version = "0.42.2"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "8e5180c00cd44c9b1c88adb3693291f1cd93605ded80c250a75d472756b4d071"
 dependencies = [
- "windows_aarch64_gnullvm",
- "windows_aarch64_msvc",
- "windows_i686_gnu",
- "windows_i686_msvc",
- "windows_x86_64_gnu",
- "windows_x86_64_gnullvm",
- "windows_x86_64_msvc",
+ "windows_aarch64_gnullvm 0.42.2",
+ "windows_aarch64_msvc 0.42.2",
+ "windows_i686_gnu 0.42.2",
+ "windows_i686_msvc 0.42.2",
+ "windows_x86_64_gnu 0.42.2",
+ "windows_x86_64_gnullvm 0.42.2",
+ "windows_x86_64_msvc 0.42.2",
+]
+
+[[package]]
+name = "windows-targets"
+version = "0.48.5"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "9a2fa6e2155d7247be68c096456083145c183cbbbc2764150dda45a87197940c"
+dependencies = [
+ "windows_aarch64_gnullvm 0.48.5",
+ "windows_aarch64_msvc 0.48.5",
+ "windows_i686_gnu 0.48.5",
+ "windows_i686_msvc 0.48.5",
+ "windows_x86_64_gnu 0.48.5",
+ "windows_x86_64_gnullvm 0.48.5",
+ "windows_x86_64_msvc 0.48.5",
+]
+
+[[package]]
+name = "windows-targets"
+version = "0.52.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "8a18201040b24831fbb9e4eb208f8892e1f50a37feb53cc7ff887feb8f50e7cd"
+dependencies = [
+ "windows_aarch64_gnullvm 0.52.0",
+ "windows_aarch64_msvc 0.52.0",
+ "windows_i686_gnu 0.52.0",
+ "windows_i686_msvc 0.52.0",
+ "windows_x86_64_gnu 0.52.0",
+ "windows_x86_64_gnullvm 0.52.0",
+ "windows_x86_64_msvc 0.52.0",
 ]

 [[package]]
@ -692,38 +877,122 @@ version = "0.42.2"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "597a5118570b68bc08d8d59125332c54f1ba9d9adeedeef5b99b02ba2b0698f8"

+[[package]]
+name = "windows_aarch64_gnullvm"
+version = "0.48.5"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "2b38e32f0abccf9987a4e3079dfb67dcd799fb61361e53e2882c3cbaf0d905d8"
+
+[[package]]
+name = "windows_aarch64_gnullvm"
+version = "0.52.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "cb7764e35d4db8a7921e09562a0304bf2f93e0a51bfccee0bd0bb0b666b015ea"
+
 [[package]]
 name = "windows_aarch64_msvc"
 version = "0.42.2"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "e08e8864a60f06ef0d0ff4ba04124db8b0fb3be5776a5cd47641e942e58c4d43"

+[[package]]
+name = "windows_aarch64_msvc"
+version = "0.48.5"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "dc35310971f3b2dbbf3f0690a219f40e2d9afcf64f9ab7cc1be722937c26b4bc"
+
+[[package]]
+name = "windows_aarch64_msvc"
+version = "0.52.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "bbaa0368d4f1d2aaefc55b6fcfee13f41544ddf36801e793edbbfd7d7df075ef"
+
 [[package]]
 name = "windows_i686_gnu"
 version = "0.42.2"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "c61d927d8da41da96a81f029489353e68739737d3beca43145c8afec9a31a84f"

+[[package]]
+name = "windows_i686_gnu"
+version = "0.48.5"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "a75915e7def60c94dcef72200b9a8e58e5091744960da64ec734a6c6e9b3743e"
+
+[[package]]
+name = "windows_i686_gnu"
+version = "0.52.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "a28637cb1fa3560a16915793afb20081aba2c92ee8af57b4d5f28e4b3e7df313"
+
 [[package]]
 name = "windows_i686_msvc"
 version = "0.42.2"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "44d840b6ec649f480a41c8d80f9c65108b92d89345dd94027bfe06ac444d1060"

+[[package]]
+name = "windows_i686_msvc"
+version = "0.48.5"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "8f55c233f70c4b27f66c523580f78f1004e8b5a8b659e05a4eb49d4166cca406"
+
+[[package]]
+name = "windows_i686_msvc"
+version = "0.52.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "ffe5e8e31046ce6230cc7215707b816e339ff4d4d67c65dffa206fd0f7aa7b9a"
+
 [[package]]
 name = "windows_x86_64_gnu"
 version = "0.42.2"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "8de912b8b8feb55c064867cf047dda097f92d51efad5b491dfb98f6bbb70cb36"

+[[package]]
+name = "windows_x86_64_gnu"
+version = "0.48.5"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "53d40abd2583d23e4718fddf1ebec84dbff8381c07cae67ff7768bbf19c6718e"
+
+[[package]]
+name = "windows_x86_64_gnu"
+version = "0.52.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "3d6fa32db2bc4a2f5abeacf2b69f7992cd09dca97498da74a151a3132c26befd"
+
 [[package]]
 name = "windows_x86_64_gnullvm"
 version = "0.42.2"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "26d41b46a36d453748aedef1486d5c7a85db22e56aff34643984ea85514e94a3"

+[[package]]
+name = "windows_x86_64_gnullvm"
+version = "0.48.5"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "0b7b52767868a23d5bab768e390dc5f5c55825b6d30b86c844ff2dc7414044cc"
+
+[[package]]
+name = "windows_x86_64_gnullvm"
+version = "0.52.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "1a657e1e9d3f514745a572a6846d3c7aa7dbe1658c056ed9c3344c4109a6949e"
+
 [[package]]
 name = "windows_x86_64_msvc"
 version = "0.42.2"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "9aec5da331524158c6d1a4ac0ab1541149c0b9505fde06423b02f5ef0106b9f0"
+
+[[package]]
+name = "windows_x86_64_msvc"
+version = "0.48.5"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "ed94fce61571a4006852b7389a063ab983c02eb1bb37b47f8272ce92d06d9538"
+
+[[package]]
+name = "windows_x86_64_msvc"
+version = "0.52.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "dff9641d1cd4be8d1a070daf9e3773c5f67e78b4d9d42263020c057706765c04"
--- a/clients/terminal/Cargo.toml
+++ b/clients/terminal/Cargo.toml
@ -10,7 +10,8 @@ clap = "3"
 serde = { version = "1.0", features = ["derive"] }
 serde_json = "1.0"
 ctrlc = "3.1.9"
-tungstenite = "0.21.0"
+tungstenite = { version = "0.21.0", features = ["native-tls"] }
 url = "2.5.0"
 tiny_http = "0.12.0"
 openssl = "0.10.61"
+native-tls = "0.2.11"
--- a/clients/terminal/src/fcastsession.rs
+++ b/clients/terminal/src/fcastsession.rs
@ -1,7 +1,6 @@
-use std::{sync::{atomic::{AtomicBool, Ordering}, Arc}, collections::VecDeque};
+use std::sync::{atomic::{AtomicBool, Ordering}, Arc};

-use crate::{models::{PlaybackUpdateMessage, VolumeUpdateMessage, PlaybackErrorMessage, VersionMessage, KeyExchangeMessage, EncryptedMessage, DecryptedMessage}, transport::Transport};
-use openssl::{dh::Dh, base64, pkey::{Private, PKey}, symm::{Cipher, Crypter, Mode}, bn::BigNum};
+use crate::{models::{PlaybackUpdateMessage, VolumeUpdateMessage, PlaybackErrorMessage, VersionMessage}, transport::Transport};
 use serde::Serialize;

 #[derive(Debug)]
@ -26,11 +25,8 @@ pub enum Opcode {
    PlaybackError = 9,
    SetSpeed = 10,
    Version = 11,
-    KeyExchange = 12,
-    Encrypted = 13,
-    Ping = 14,
-    Pong = 15,
-    StartEncryption = 16
+    Ping = 12,
+    Pong = 13
 }

 impl Opcode {
@ -48,11 +44,8 @@ impl Opcode {
            9 => Opcode::PlaybackError,
            10 => Opcode::SetSpeed,
            11 => Opcode::Version,
-            12 => Opcode::KeyExchange,
-            13 => Opcode::Encrypted,
-            14 => Opcode::Ping,
-            15 => Opcode::Pong,
-            16 => Opcode::StartEncryption,
+            12 => Opcode::Ping,
+            13 => Opcode::Pong,
            _ => panic!("Unknown value: {}", value),
        }
    }
@ -66,60 +59,24 @@ pub struct FCastSession<'a> {
    bytes_read: usize,
    packet_length: usize,
    stream: Box<dyn Transport + 'a>,
-    state: SessionState,
-    dh: Option<Dh<Private>>,
-    public_key: Option<String>,
-    aes_key: Option<Vec<u8>>,
-    decrypted_messages_queue: VecDeque<DecryptedMessage>,
-    encrypted_messages_queue: VecDeque<EncryptedMessage>,
-    encryption_started: bool,
-    wait_for_encryption: bool
+    state: SessionState
 }

 impl<'a> FCastSession<'a> {
-    pub fn new<T: Transport + 'a>(stream: T, encrypted: bool) -> Result<Self, Box<dyn std::error::Error>> {
-        let (dh, public_key) = if encrypted {
-            println!("Initialized DH.");
-            generate_key_pair()?
-        } else {
-            (None, None)
-        };
-
-        Ok(FCastSession {
+    pub fn new<T: Transport + 'a>(stream: T) -> Self {
+        return FCastSession {
            buffer: vec![0; MAXIMUM_PACKET_LENGTH],
            bytes_read: 0,
            packet_length: 0,
            stream: Box::new(stream),
-            state: SessionState::Idle,
-            wait_for_encryption: dh.is_some(),
-            dh,
-            public_key,
-            aes_key: None,
-            decrypted_messages_queue: VecDeque::new(),
-            encrypted_messages_queue: VecDeque::new(),
-            encryption_started: false
-        })
+            state: SessionState::Idle
+        }
    }
 }

 impl FCastSession<'_> {
    pub fn send_message<T: Serialize>(&mut self, opcode: Opcode, message: T) -> Result<(), Box<dyn std::error::Error>> {
        let json = serde_json::to_string(&message)?;
-
-        if opcode != Opcode::Encrypted && opcode != Opcode::KeyExchange && opcode != Opcode::StartEncryption {
-            if self.encryption_started {
-                println!("Sending encrypted with opcode {:?}.", opcode);
-                let decrypted_message = DecryptedMessage::new(opcode as u64, Some(json));
-                let encrypted_message = encrypt_message(&self.aes_key.as_ref().unwrap(), &decrypted_message)?;
-                return self.send_message(Opcode::Encrypted, &encrypted_message)
-            } else if self.wait_for_encryption {
-                println!("Queued message with opcode {:?} until encryption is established.", opcode);
-                let decrypted_message = DecryptedMessage::new(opcode as u64, Some(json));
-                self.decrypted_messages_queue.push_back(decrypted_message);
-                return Ok(());
-            }
-        }
-
        let data = json.as_bytes();
        let size = 1 + data.len();
        let header_size = LENGTH_BYTES + 1;
@ -134,19 +91,6 @@ impl FCastSession<'_> {
    }

    pub fn send_empty(&mut self, opcode: Opcode) -> Result<(), Box<dyn std::error::Error>> {
-        if opcode != Opcode::Encrypted && opcode != Opcode::KeyExchange && opcode != Opcode::StartEncryption {
-            let decrypted_message = DecryptedMessage::new(opcode as u64, None);
-            if self.encryption_started {
-                println!("Sending encrypted with opcode {:?}.", opcode);
-                let encrypted_message = encrypt_message(&self.aes_key.as_ref().unwrap(), &decrypted_message)?;
-                return self.send_message(Opcode::Encrypted, &encrypted_message)
-            } else if self.wait_for_encryption {
-                println!("Queued message with opcode {:?} until encryption is established.", opcode);
-                self.decrypted_messages_queue.push_back(decrypted_message);
-                return Ok(());
-            }
-        }
-
        let json = String::new();
        let data = json.as_bytes();
        let size = 1 + data.len();
@ -159,22 +103,13 @@ impl FCastSession<'_> {
        Ok(())
    }

-    pub fn receive_loop(&mut self, running: &Arc<AtomicBool>, until_queues_are_empty: bool) -> Result<(), Box<dyn std::error::Error>> {
-        if let Some(pk) = &self.public_key {
-            println!("Sending public key.");
-            self.send_message(Opcode::KeyExchange, &KeyExchangeMessage::new(1, pk.clone()))?;        
-        }
-
+    pub fn receive_loop(&mut self, running: &Arc<AtomicBool>) -> Result<(), Box<dyn std::error::Error>> {
        println!("Start receiving.");

        self.state = SessionState::WaitingForLength;

        let mut buffer = [0u8; 1024];
        while running.load(Ordering::SeqCst) {
-            if until_queues_are_empty && self.are_queues_empty() {
-                break;
-            }
-
            let bytes_read = self.stream.transport_read(&mut buffer)?;
            self.process_bytes(&buffer[..bytes_read])?;
        }
@ -323,68 +258,11 @@ impl FCastSession<'_> {
                    println!("Received version with no body.");
                }
            }
-            Opcode::KeyExchange => {
-                if let Some(body_str) = body {
-                    match serde_json::from_str::<KeyExchangeMessage>(body_str.as_str()) {
-                        Ok(key_exchange_message) => {
-                            if let Some(dh) = &self.dh {
-                                println!("Received key exchange message {:?}", key_exchange_message);
-                                self.aes_key = Some(compute_shared_secret(dh, &key_exchange_message)?);
-                                self.send_empty(Opcode::StartEncryption)?;
-    
-                                println!("Processing queued encrypted messages to handle.");
-                                while let Some(encrypted_message) = self.encrypted_messages_queue.pop_front() {
-                                    let decrypted_message = decrypt_message(&self.aes_key.as_ref().unwrap(), &encrypted_message)?;
-                                    self.handle_packet(Opcode::from_u8(decrypted_message.opcode as u8), decrypted_message.message)?;
-                                }
-                            } else {
-                                println!("Received key exchange message while encryption is diabled {:?}", key_exchange_message);
-                            }
-                        },
-                        Err(e) => println!("Received key exchange with malformed body: {}.", e)
-                    };
-                } else {
-                    println!("Received key exchange with no body.");
-                }
-            }
-            Opcode::Encrypted => {
-                if let Some(body_str) = body {
-                    if let Ok(encrypted_message) = serde_json::from_str::<EncryptedMessage>(body_str.as_str()) {
-                        println!("Received encrypted message {:?}", encrypted_message);
-                        
-                        if self.aes_key.is_some() {
-                            println!("Decrypting and handling encrypted message.");
-                            let decrypted_message = decrypt_message(&self.aes_key.as_ref().unwrap(), &encrypted_message)?;
-                            self.handle_packet(Opcode::from_u8(decrypted_message.opcode as u8), decrypted_message.message)?;
-                        } else {
-                            println!("Queued encrypted message until encryption is established.");
-                            self.encrypted_messages_queue.push_back(encrypted_message);
-                            
-                            if self.encrypted_messages_queue.len() > 15 {
-                                self.encrypted_messages_queue.pop_front();
-                            }
-                        }
-                    } else {
-                        println!("Received encrypted with malformed body.");
-                    }
-                } else {
-                    println!("Received encrypted with no body.");
-                }
-            }
            Opcode::Ping => {
                println!("Received ping");
                self.send_empty(Opcode::Pong)?;
                println!("Sent pong");
            }
-            Opcode::StartEncryption => {
-                self.encryption_started = true;
-
-                println!("Processing queued decrypted messages to send.");    
-                while let Some(decrypted_message) = self.decrypted_messages_queue.pop_front() {
-                    let encrypted_message = encrypt_message(&self.aes_key.as_ref().unwrap(), &decrypted_message)?;
-                    self.send_message(Opcode::Encrypted, &encrypted_message)?;
-                }
-            }
            _ => {
                println!("Error handling packet");
            }
@ -393,184 +271,7 @@ impl FCastSession<'_> {
        Ok(())
    }

-    fn are_queues_empty(&self) -> bool {
-        return self.decrypted_messages_queue.is_empty() && self.encrypted_messages_queue.is_empty();
-    }
-
    pub fn shutdown(&mut self) -> Result<(), std::io::Error> {
        return self.stream.transport_shutdown();
    }
-}
-
-fn generate_key_pair() -> Result<(Option<Dh<Private>>, Option<String>), Box<dyn std::error::Error>> {
-    //modp14
-    let p = "ffffffffffffffffc90fdaa22168c234c4c6628b80dc1cd129024e088a67cc74020bbea63b139b22514a08798e3404ddef9519b3cd3a431b302b0a6df25f14374fe1356d6d51c245e485b576625e7ec6f44c42e9a637ed6b0bff5cb6f406b7edee386bfb5a899fa5ae9f24117c4b1fe649286651ece45b3dc2007cb8a163bf0598da48361c55d39a69163fa8fd24cf5f83655d23dca3ad961c62f356208552bb9ed529077096966d670c354e4abc9804f1746c08ca18217c32905e462e36ce3be39e772c180e86039b2783a2ec07a28fb5c55df06f4c52c9de2bcbf6955817183995497cea956ae515d2261898fa051015728e5a8aacaa68ffffffffffffffff";
-    let g = "2";
-
-    let v = Dh::from_pqg(BigNum::from_hex_str(p)?, None, BigNum::from_hex_str(g)?)?.generate_key()?;
-
-    let private = v.private_key().to_owned()?;    
-    let dh2 = Dh::from_pqg(BigNum::from_hex_str(p)?, None, BigNum::from_hex_str(g)?)?.set_private_key(private)?;
-    let pkey = PKey::from_dh(dh2)?;
-    let public_key_der = pkey.public_key_to_der()?;
-    let public_key_base64 = base64::encode_block(public_key_der.as_ref());
-
-    Ok((Some(v), Some(public_key_base64)))
-}
-
-fn encrypt_message(aes_key: &Vec<u8>, decrypted_message: &DecryptedMessage) -> Result<EncryptedMessage, Box<dyn std::error::Error>> {
-    let cipher = Cipher::aes_256_cbc();
-    let iv_len = cipher.iv_len().ok_or("Cipher does not support IV")?;
-    let mut iv = vec![0; iv_len];
-    openssl::rand::rand_bytes(&mut iv)?;
-
-    let mut crypter = Crypter::new(
-        cipher,
-        Mode::Encrypt,
-        aes_key,
-        Some(&iv)
-    )?;
-    crypter.pad(true);
-
-    let json = serde_json::to_string(decrypted_message)?;
-    let mut ciphertext = vec![0; json.len() + cipher.block_size()];
-    let count = crypter.update(json.as_bytes(), &mut ciphertext)?;
-    let rest = crypter.finalize(&mut ciphertext[count..])?;
-    ciphertext.truncate(count + rest);
-
-    Ok(EncryptedMessage::new(1, Some(base64::encode_block(&iv)), base64::encode_block(&ciphertext)))
-}
-
-fn decrypt_message(aes_key: &Vec<u8>, encrypted_message: &EncryptedMessage) -> Result<DecryptedMessage, Box<dyn std::error::Error>> {
-    if encrypted_message.iv.is_none() {
-        return Err("IV is required for decryption.".into());
-    }
-
-    let cipher = Cipher::aes_256_cbc();
-    let iv = base64::decode_block(&encrypted_message.iv.as_ref().unwrap())?;
-    let ciphertext = base64::decode_block(&encrypted_message.blob)?;
-
-    let mut crypter = Crypter::new(
-        cipher,
-        Mode::Decrypt,
-        aes_key,
-        Some(&iv)
-    )?;
-    crypter.pad(true);
-
-    let mut plaintext = vec![0; ciphertext.len() + cipher.block_size()];
-    let count = crypter.update(&ciphertext, &mut plaintext)?;
-    let rest = crypter.finalize(&mut plaintext[count..])?;
-    plaintext.truncate(count + rest);
-
-    let decrypted_str = String::from_utf8(plaintext)?;
-    Ok(serde_json::from_str(&decrypted_str)?)
-}
-
-fn compute_shared_secret(dh: &Dh<Private>, key_exchange_message: &KeyExchangeMessage) -> Result<Vec<u8>, Box<dyn std::error::Error>> {
-    let peer_public_key_der = base64::decode_block(&key_exchange_message.public_key)?;
-    let peer_public_key = PKey::public_key_from_der(&peer_public_key_der)?;
-    let peer_dh = peer_public_key.dh()?;
-    let peer_pub_key = peer_dh.public_key();
-    let shared_secret = dh.compute_key(&peer_pub_key)?;                    
-    let digest = openssl::hash::hash(openssl::hash::MessageDigest::sha256(), &shared_secret)?.to_vec();
-    Ok(digest)
-}
-
-#[cfg(test)]
-mod tests {
-    use super::*;
-    use openssl::base64;
-
-    #[test]
-    fn test_dh_encryption_self() {
-        let (key_pair1, public_key1) = generate_key_pair().unwrap();
-        let (key_pair2, public_key2) = generate_key_pair().unwrap();
-
-        let aes_key1 = compute_shared_secret(&key_pair1.unwrap(), &KeyExchangeMessage::new(1, public_key2.unwrap())).unwrap();
-        let aes_key2 = compute_shared_secret(&key_pair2.unwrap(), &KeyExchangeMessage::new(1, public_key1.unwrap())).unwrap();
-
-        assert_eq!(aes_key1, aes_key2);
-
-        let message = DecryptedMessage {
-            opcode: 1,
-            message: Some(r#"{"type": "text/html"}"#.to_string()),
-        };
-        let encrypted_message = encrypt_message(&aes_key1, &message).unwrap();
-        let decrypted_message = decrypt_message(&aes_key1, &encrypted_message).unwrap();
-
-        assert_eq!(message.opcode, decrypted_message.opcode);
-        assert_eq!(message.message, decrypted_message.message);
-    }
-
-
-    #[test]
-    fn test_dh_encryption_known() {
-        let private_key1 = base64::decode_block("MIIDJwIBADCCAhgGCSqGSIb3DQEDATCCAgkCggEBAJVHXPXZPllsP80dkCrdAvQn9fPHIQMTu0X7TVuy5f4cvWeM1LvdhMmDa+HzHAd3clrrbC/Di4X0gHb6drzYFGzImm+y9wbdcZiYwgg9yNiW+EBi4snJTRN7BUqNgJatuNUZUjmO7KhSoK8S34Pkdapl1OwMOKlWDVZhGG/5i5/J62Du6LAwN2sja8c746zb10/WHB0kdfowd7jwgEZ4gf9+HKVv7gZteVBq3lHtu1RDpWOSfbxLpSAIZ0YXXIiFkl68ZMYUeQZ3NJaZDLcU7GZzBOJh+u4zs8vfAI4MP6kGUNl9OQnJJ1v0rIb/yz0D5t/IraWTQkLdbTvMoqQGywsCggEAQt67naWz2IzJVuCHh+w/Ogm7pfSLiJp0qvUxdKoPvn48W4/NelO+9WOw6YVgMolgqVF/QBTTMl/Hlivx4Ek3DXbRMUp2E355Lz8NuFnQleSluTICTweezy7wnHl0UrB3DhNQeC7Vfd95SXnc7yPLlvGDBhllxOvJPJxxxWuSWVWnX5TMzxRJrEPVhtC+7kMlGwsihzSdaN4NFEQD8T6AL0FG2ILgV68ZtvYnXGZ2yPoOPKJxOjJX/Rsn0GOfaV40fY0c+ayBmibKmwTLDrm3sDWYjRW7rGUhKlUjnPx+WPrjjXJQq5mR/7yXE0Al/ozgTEOZrZZWm+kaVG9JeGk8egSCAQQCggEAECNvEczf0y6IoX/IwhrPeWZ5IxrHcpwjcdVAuyZQLLlOq0iqnYMFcSD8QjMF8NKObfZZCDQUJlzGzRsG0oXsWiWtmoRvUZ9tQK0j28hDylpbyP00Bt9NlMgeHXkAy54P7Z2v/BPCd3o23kzjgXzYaSRuCFY7zQo1g1IQG8mfjYjdE4jjRVdVrlh8FS8x4OLPeglc+cp2/kuyxaVEfXAG84z/M8019mRSfdczi4z1iidPX6HgDEEWsN42Ud60mNKy5jsQpQYkRdOLmxR3+iQEtGFjdzbVhVCUr7S5EORU9B1MOl5gyPJpjfU3baOqrg6WXVyTvMDaA05YEnAHQNOOfA==").unwrap();
-        let key_exchange_message_2 = KeyExchangeMessage::new(1, "MIIDJTCCAhgGCSqGSIb3DQEDATCCAgkCggEBAJVHXPXZPllsP80dkCrdAvQn9fPHIQMTu0X7TVuy5f4cvWeM1LvdhMmDa+HzHAd3clrrbC/Di4X0gHb6drzYFGzImm+y9wbdcZiYwgg9yNiW+EBi4snJTRN7BUqNgJatuNUZUjmO7KhSoK8S34Pkdapl1OwMOKlWDVZhGG/5i5/J62Du6LAwN2sja8c746zb10/WHB0kdfowd7jwgEZ4gf9+HKVv7gZteVBq3lHtu1RDpWOSfbxLpSAIZ0YXXIiFkl68ZMYUeQZ3NJaZDLcU7GZzBOJh+u4zs8vfAI4MP6kGUNl9OQnJJ1v0rIb/yz0D5t/IraWTQkLdbTvMoqQGywsCggEAQt67naWz2IzJVuCHh+w/Ogm7pfSLiJp0qvUxdKoPvn48W4/NelO+9WOw6YVgMolgqVF/QBTTMl/Hlivx4Ek3DXbRMUp2E355Lz8NuFnQleSluTICTweezy7wnHl0UrB3DhNQeC7Vfd95SXnc7yPLlvGDBhllxOvJPJxxxWuSWVWnX5TMzxRJrEPVhtC+7kMlGwsihzSdaN4NFEQD8T6AL0FG2ILgV68ZtvYnXGZ2yPoOPKJxOjJX/Rsn0GOfaV40fY0c+ayBmibKmwTLDrm3sDWYjRW7rGUhKlUjnPx+WPrjjXJQq5mR/7yXE0Al/ozgTEOZrZZWm+kaVG9JeGk8egOCAQUAAoIBAGlL9EYsrFz3I83NdlwhM241M+M7PA9P5WXgtdvS+pcalIaqN2IYdfzzCUfye7lchVkT9A2Y9eWQYX0OUhmjf8PPKkRkATLXrqO5HTsxV96aYNxMjz5ipQ6CaErTQaPLr3OPoauIMPVVI9zM+WT0KOGp49YMyx+B5rafT066vOVbF/0z1crq0ZXxyYBUv135rwFkIHxBMj5bhRLXKsZ2G5aLAZg0DsVam104mgN/v75f7Spg/n5hO7qxbNgbvSrvQ7Ag/rMk5T3sk7KoM23Qsjl08IZKs2jjx21MiOtyLqGuCW6GOTNK4yEEDF5gA0K13eXGwL5lPS0ilRw+Lrw7cJU=".to_string());
-
-        let private_key = PKey::private_key_from_der(&private_key1).unwrap();
-        let dh = private_key.dh().unwrap();
-
-        let aes_key1 = compute_shared_secret(&dh, &key_exchange_message_2).unwrap();
-        assert_eq!(base64::encode_block(&aes_key1), "vI5LGE625zGEG350ggkyBsIAXm2y4sNohiPcED1oAEE=");
-
-        let message = DecryptedMessage {
-            opcode: 1,
-            message: Some(r#"{"type": "text/html"}"#.to_string()),
-        };
-        let encrypted_message = encrypt_message(&aes_key1, &message).unwrap();
-        let decrypted_message = decrypt_message(&aes_key1, &encrypted_message).unwrap();
-
-        assert_eq!(message.opcode, decrypted_message.opcode);
-        assert_eq!(message.message, decrypted_message.message);
-    }
-
-    #[test]
-    fn test_decrypt_message_known() {
-        let encrypted_message_json = r#"{"version":1,"iv":"C4H70VC5FWrNtkty9/cLIA==","blob":"K6/N7JMyi1PFwKhU0mFj7ZJmd/tPp3NCOMldmQUtDaQ7hSmPoIMI5QNMOj+NFEiP4qTgtYp5QmBPoQum6O88pA=="}"#;
-        let encrypted_message: EncryptedMessage = serde_json::from_str(encrypted_message_json).unwrap();
-        let aes_key_base64 = "+hr9Jg8yre7S9WGUohv2AUSzHNQN514JPh6MoFAcFNU=";
-        let aes_key = base64::decode_block(aes_key_base64).unwrap();
-
-        let decrypted_message = decrypt_message(&aes_key, &encrypted_message).unwrap();
-        assert_eq!(1, decrypted_message.opcode);
-        assert_eq!("{\"container\":\"text/html\"}", decrypted_message.message.unwrap());
-    }
-
-    #[test]
-    fn test_aes_key_generation() {
-        let cases = vec![
-            (
-                // Public other
-                String::from("MIIBHzCBlQYJKoZIhvcNAQMBMIGHAoGBAP//////////yQ/aoiFowjTExmKLgNwc0SkCTgiKZ8x0Agu+pjsTmyJRSgh5jjQE3e+VGbPNOkMbMCsKbfJfFDdP4TVtbVHCReSFtXZiXn7G9ExC6aY37WsL/1y29Aa37e44a/taiZ+lrp8kEXxLH+ZJKGZR7OZTgf//////////AgECA4GEAAKBgEnOS0oHteVA+3kND3u4yXe7GGRohy1LkR9Q5tL4c4ylC5n4iSwWSoIhcSIvUMWth6KAhPhu05sMcPY74rFMSS2AGTNCdT/5KilediipuUMdFVvjGqfNMNH1edzW5mquIw3iXKdfQmfY/qxLTI2wccyDj4hHFhLCZL3Y+shsm3KF"),
-                // Private self
-                String::from("MIIBIQIBADCBlQYJKoZIhvcNAQMBMIGHAoGBAP//////////yQ/aoiFowjTExmKLgNwc0SkCTgiKZ8x0Agu+pjsTmyJRSgh5jjQE3e+VGbPNOkMbMCsKbfJfFDdP4TVtbVHCReSFtXZiXn7G9ExC6aY37WsL/1y29Aa37e44a/taiZ+lrp8kEXxLH+ZJKGZR7OZTgf//////////AgECBIGDAoGAeo/ceIeH8Jt1ZRNKX5aTHkMi23GCV1LtcS2O6Tktn9k8DCv7gIoekysQUhMyWtR+MsZlq2mXjr1JFpAyxl89rqoEPU6QDsGe9q8R4O8eBZ2u+48mkUkGSh7xPGRQUBvmhH2yk4hIEA8aK4BcYi1OTsCZtmk7pQq+uaFkKovD/8M="),
-                // Expected AES key
-                String::from("7dpl1/6KQTTooOrFf2VlUOSqgrFHi6IYxapX0IxFfwk="),
-            ),
-            (
-                // Public other
-                String::from("MIIBHzCBlQYJKoZIhvcNAQMBMIGHAoGBAP//////////yQ/aoiFowjTExmKLgNwc0SkCTgiKZ8x0Agu+pjsTmyJRSgh5jjQE3e+VGbPNOkMbMCsKbfJfFDdP4TVtbVHCReSFtXZiXn7G9ExC6aY37WsL/1y29Aa37e44a/taiZ+lrp8kEXxLH+ZJKGZR7OZTgf//////////AgECA4GEAAKBgGvIlCP/S+xpAuNEHSn4cEDOL1esUf+uMuY2Kp5J10a7HGbwzNd+7eYsgEc4+adddgB7hJgTvjsGg7lXUhHQ7WbfbCGgt7dbkx8qkic6Rgq4f5eRYd1Cgidw4MhZt7mEIOKrHweqnV6B9rypbXjbqauc6nGgtwx+Gvl6iLpVATRK"),
-                // Private self
-                String::from("MIIBIQIBADCBlQYJKoZIhvcNAQMBMIGHAoGBAP//////////yQ/aoiFowjTExmKLgNwc0SkCTgiKZ8x0Agu+pjsTmyJRSgh5jjQE3e+VGbPNOkMbMCsKbfJfFDdP4TVtbVHCReSFtXZiXn7G9ExC6aY37WsL/1y29Aa37e44a/taiZ+lrp8kEXxLH+ZJKGZR7OZTgf//////////AgECBIGDAoGAMXmiIgWyutbaO+f4UiMAb09iVVSCI6Lb6xzNyD2MpUZyk4/JOT04Daj4JeCKFkF1Fq79yKhrnFlXCrF4WFX00xUOXb8BpUUUH35XG5ApvolQQLL6N0om8/MYP4FK/3PUxuZAJz45TUsI/v3u6UqJelVTNL83ltcFbZDIfEVftRA="),
-                // Expected AES key
-                String::from("a2tUSxnXifKohfNocAQHkAlPffDv6ReihJ7OojBGt0Q=")
-            )
-        ];
-
-        for case in cases {
-            let private_self_key = base64::decode_block(&case.1).expect("Invalid base64 for private self key");
-            let expected_aes_key = base64::decode_block(&case.2).expect("Invalid base64 for expected AES key");
-
-            let private_key = PKey::private_key_from_der(&private_self_key).expect("Failed to create private key");
-            let dh = private_key.dh().expect("Failed to create DH from private key");
-            let key_exchange_message = KeyExchangeMessage::new(1, case.0);
-
-            let aes_key = compute_shared_secret(&dh, &key_exchange_message).expect("Failed to compute shared secret");
-            let aes_key_base64 = base64::encode_block(&aes_key);
-
-            assert_eq!(aes_key_base64, base64::encode_block(&expected_aes_key), "AES keys do not match");
-        }
-    }
 }
--- a/clients/terminal/src/main.rs
+++ b/clients/terminal/src/main.rs
@ -3,7 +3,9 @@ mod fcastsession;
 mod transport;

 use clap::{App, Arg, SubCommand};
+use native_tls::{TlsConnector, Protocol};
 use tiny_http::{Server, Response, ListenAddr, Header};
+use tungstenite::Connector;
 use tungstenite::stream::MaybeTlsStream;
 use url::Url;
 use std::net::IpAddr;
@ -152,36 +154,68 @@ fn run() -> Result<(), Box<dyn std::error::Error>> {

    let connection_type = matches.value_of("connection_type").unwrap_or("tcp");

+    let encrypted = matches.is_present("encrypted");
    let port = match matches.value_of("port") {
        Some(s) => s,
-        _ => match connection_type {
-            "tcp" => "46899",
-            "ws" => "46898",
+        _ => match (connection_type, encrypted) {
+            ("tcp", false) => "46899",
+            ("tcp", true) => "46897",
+            ("ws", false) => "46898",
+            ("ws", true) => "46896",
            _ => return Err("Unknown connection type, cannot automatically determine port.".into())
        }
    };

-    let encrypted = matches.is_present("encrypted");
-
    let local_ip: Option<IpAddr>;
-    let mut session = match connection_type {
-        "tcp" => {
+    let mut session = match (connection_type, encrypted) {
+        ("tcp", false) => {
            println!("Connecting via TCP to host={} port={}...", host, port);
            let stream = TcpStream::connect(format!("{}:{}", host, port))?;
            local_ip = Some(stream.local_addr()?.ip());
-            FCastSession::new(stream, encrypted)?
+            FCastSession::new(stream)
        },
-        "ws" => {
+        ("tcp", true) => {
+            println!("Connecting via TCP TLS to host={} port={}...", host, port);
+            let mut builder = TlsConnector::builder();
+            builder.min_protocol_version(Some(Protocol::Tlsv12));
+            builder.danger_accept_invalid_certs(true);
+            let connector = builder.build()?;
+            let stream = TcpStream::connect(format!("{}:{}", host, port))?;
+            let tls_stream = connector.connect(host, stream)?;
+            local_ip = Some(tls_stream.get_ref().local_addr()?.ip());
+            FCastSession::new(tls_stream)
+        },
+        ("ws", false) => {
            println!("Connecting via WebSocket to host={} port={}...", host, port);
            let url = Url::parse(format!("ws://{}:{}", host, port).as_str())?;
            let (stream, _) = tungstenite::connect(url)?;
            local_ip = match stream.get_ref() {
                MaybeTlsStream::Plain(ref stream) => Some(stream.local_addr()?.ip()),
-                _ => None
+                _ => return Err("Established connection type is not plain.".into())
            };
-            FCastSession::new(stream, encrypted)?
+            FCastSession::new(stream)
        },
-        _ => return Err("Invalid connection type. Use 'tcp' or 'websocket'.".into()),
+        ("ws", true) => {
+            println!("Connecting via WebSocket to host={} port={}...", host, port);
+            let mut builder = TlsConnector::builder();
+            builder.min_protocol_version(Some(Protocol::Tlsv12));
+            builder.danger_accept_invalid_certs(true);
+            let connector = builder.build()?;
+        
+            let url = Url::parse(&format!("wss://{}:{}", host, port))?;
+            let stream = TcpStream::connect(format!("{}:{}", host, port))?;
+            let connector = Some(Connector::NativeTls(connector.into()));
+            let (socket, _) = tungstenite::client_tls_with_config(url, stream, None, connector)?;
+        
+            local_ip = match socket.get_ref() {
+                MaybeTlsStream::NativeTls(ref stream) => Some(stream.get_ref().local_addr()?.ip()),
+                _ => return Err("Expected TLS stream".into()),
+            };
+        
+            FCastSession::new(socket)
+        
+        },
+        _ => return Err("Invalid connection type or encryption flag.".into()),
    };

    println!("Connection established.");
@ -295,7 +329,7 @@ fn run() -> Result<(), Box<dyn std::error::Error>> {

        println!("Waiting for Ctrl+C...");

-        session.receive_loop(&running, false)?;
+        session.receive_loop(&running)?;

        println!("Ctrl+C received, exiting...");
    } else if let Some(setvolume_matches) = matches.subcommand_matches("setvolume") {
@ -317,17 +351,6 @@ fn run() -> Result<(), Box<dyn std::error::Error>> {
        std::process::exit(1);
    }

-    let receive_running = Arc::new(AtomicBool::new(true));
-    let receive_r = receive_running.clone();
-
-    ctrlc::set_handler(move || {
-        println!("Ctrl+C triggered...");
-        receive_r.store(false, Ordering::SeqCst);
-    }).expect("Error setting Ctrl-C handler");
-
-    println!("Waiting on queues to be empty... press CTRL-C to cancel.");
-    session.receive_loop(&receive_running, true)?;
-
    println!("Waiting on other threads...");
    if let Some(v) = join_handle {
        if let Err(_) = v.join() {
--- a/clients/terminal/src/models.rs
+++ b/clients/terminal/src/models.rs
@ -69,42 +69,4 @@ pub struct PlaybackErrorMessage {
 #[derive(Deserialize, Debug)]
 pub struct VersionMessage {
    pub version: u64,
-}
-
-#[derive(Serialize, Deserialize, Debug)]
-pub struct KeyExchangeMessage {
-    pub version: u64,
-    #[serde(rename = "publicKey")]
-    pub public_key: String,
-}
-
-impl KeyExchangeMessage {
-    pub fn new(version: u64, public_key: String) -> Self {
-        Self { version, public_key }
-    }
-}
-
-#[derive(Serialize, Deserialize, Debug)]
-pub struct DecryptedMessage {
-    pub opcode: u64,
-    pub message: Option<String>,
-}
-
-impl DecryptedMessage {
-    pub fn new(opcode: u64, message: Option<String>) -> Self {
-        Self { opcode, message }
-    }
-}
-
-#[derive(Serialize, Deserialize, Debug)]
-pub struct EncryptedMessage {
-    pub version: u64,
-    pub iv: Option<String>,
-    pub blob: String,
-}
-
-impl EncryptedMessage {
-    pub fn new(version: u64, iv: Option<String>, blob: String) -> Self {
-        Self { version, iv, blob }
-    }
 }
--- a/clients/terminal/src/transport.rs
+++ b/clients/terminal/src/transport.rs
@ -1,5 +1,6 @@
 use std::io::{Read, Write};
 use std::net::TcpStream;
+use native_tls::TlsStream;
 use tungstenite::Message;
 use tungstenite::protocol::WebSocket;

@ -54,3 +55,18 @@ impl<T: Read + Write> Transport for WebSocket<T> {
        Ok(())
    }
 }
+
+
+impl Transport for TlsStream<TcpStream> {
+    fn transport_read(&mut self, buf: &mut [u8]) -> Result<usize, std::io::Error> {
+        self.read(buf)
+    }
+
+    fn transport_write(&mut self, buf: &[u8]) -> Result<(), std::io::Error> {
+        self.write_all(buf)
+    }
+
+    fn transport_shutdown(&mut self) -> Result<(), std::io::Error> {
+        self.shutdown().map_err(|e| std::io::Error::new(std::io::ErrorKind::Other, e))
+    }
+}